Krebs on Security

MARCH 11, 2024

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Marketing 275

Marketing Scams Cryptocurrency Cybercrime 275

Schneier on Security

MARCH 11, 2024

Initial results in using LLMs to unredact text based on the size of the individual-word redaction rectangles. This feels like something that a specialized ML system could be trained on.

270

270

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. Note, a pull request containing the proof-of-concept code is forthcoming to provide organizations with sufficient time to patch.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

Bleeping Computer

MARCH 11, 2024

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [.

Accountability 143

Accountability Hacking Data breaches 143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

MARCH 11, 2024

Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti. The post Irony of Ironies: CISA Hacked — ‘by China’ appeared first on Security Boulevard.

Hacking 137

Hacking Cybersecurity Social Engineering Data privacy 137

WIRED Threat Level

MARCH 11, 2024

Starting at the end of April, Airbnb will no longer allow hosts to have security cameras inside their rental properties, citing a commitment to prioritizing guest privacy.

138

138

Bleeping Computer

MARCH 11, 2024

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [.

133

133

Penetration Testing

MARCH 11, 2024

A dangerous new malware named Planet Stealer is making its rounds in the cybercriminal underworld, and security experts warn that your passwords, cryptocurrency wallets, and other sensitive information could be in its sights. Analyzed... The post New ‘Planet Stealer’ Malware Emerges: Your Passwords and Crypto Wallets at Risk appeared first on Penetration Testing.

Passwords 131

Passwords Penetration Testing Malware Risk 131

Security Affairs

MARCH 11, 2024

Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin. In January, Sucuri researchers reported that Balada Injector malware infected over 7100 WordPress sites using a vulnerable version of the Popup Builder WordPress plugin. Sucurity reported that on December 13th, the Balada Injector campaign started infecting websites using older versions of the Popup Builder ( CVE-2023-6000 , CVSS score 8.8).

Malware 129

Malware Hacking Cybercrime Information Security 129

WIRED Threat Level

MARCH 11, 2024

The Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs.

125

125

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. Researchers from Horizon3.ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 and earlier, OpenEdg

Software 118

Software Authentication Passwords Engineering 118

Bleeping Computer

MARCH 11, 2024

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. [.

Education 130

Education 130

Security Boulevard

MARCH 11, 2024

The cyberthreats to users of JetBrains’ TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that included exploiting the flaws for initial access and a search engine reporting that 1,442 vulnerable instances showed signs of exploitation.

Engineering 119

Engineering Ransomware Cybersecurity Security Awareness 119

Penetration Testing

MARCH 11, 2024

Wordfence, a leading authority in WordPress security warns about a serious vulnerability in the widely used WP Statistics plugin. This vulnerability (CVE-2024-2194) allows attackers to inject malicious code directly into a WordPress website, putting... The post CVE-2024-2194: WP Statistics Flaw Opens 600K+ WordPress Sites to Attack appeared first on Penetration Testing.

Penetration Testing 117

Penetration Testing 117

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

MARCH 11, 2024

With every new healthcare API integration that OpenAI gets access to, the attack surface grows, creating new opportunities for attackers. The post Beware of OpenAI and ChatGPT-4 Turbo in Healthcare Orgs’ API Attack Surface appeared first on Security Boulevard.

Healthcare 117

Healthcare Security Awareness Risk Mobile 117

Bleeping Computer

MARCH 11, 2024

The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. [.

Cryptocurrency 115

Cryptocurrency 115

Security Affairs

MARCH 11, 2024

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufacturing, media a

Ransomware 108

Ransomware Malware Healthcare Manufacturing 108

eSecurity Planet

MARCH 11, 2024

This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues. Apple’s also had plenty to patch, and Cisco, OpenEdge, and VMware appeared in the news, too. JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up in the same products.

Authentication 109

Authentication Software VPN Security Defenses 109

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

MARCH 11, 2024

Threat Overview – Phobos The Phobos Ransomware variant has been active since May of 2019, targeting a variety of entities that include governments, emergency services, critical infrastructure, education and public healthcare. Operating under a RaaS (Ransomware-as-a-Service) model, this ransomware variant has been responsible for the extortion of millions of dollars from victims targeted.

Healthcare 108

Healthcare Education Ransomware Government 108

The Hacker News

MARCH 11, 2024

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said.

Banking 109

Banking Phishing Malware 109

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Malware 103

Malware VPN Encryption Hacking 103

Penetration Testing

MARCH 11, 2024

STRIDE GPT STRIDE GPT is an AI-powered threat modeling tool that leverages OpenAI’s GPT models to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application... The post STRIDE GPT: An AI-powered threat modeling tool appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing 107

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

WIRED Threat Level

MARCH 11, 2024

Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.

Cryptocurrency 107

Cryptocurrency 107

Penetration Testing

MARCH 11, 2024

OpenArk OpenArk is an open-source anti-rootkit (ARK) tool for Windows. Ark is an Anti-Rootkit abbreviated, it aims at reversing/programming helper, and also users can find hidden malwares in the OS. More and more powerful... The post OpenArk: Next Generation of Anti-Rootkit(ARK) tool for Windows appeared first on Penetration Testing.

Penetration Testing 109

Penetration Testing Malware Engineering 109

Bleeping Computer

MARCH 11, 2024

Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. [.

Hacking 111

Hacking 111

Penetration Testing

MARCH 11, 2024

Security researchers have exposed a crafty attack campaign manipulating a decentralized content delivery network (CDN) to reap quick profits ahead of an upcoming cryptocurrency release. The attackers compromised cloud accounts and hijacked resources on... The post Attackers Exploit Decentralized CDN for Crypto Rewards appeared first on Penetration Testing.

Penetration Testing 104

Penetration Testing Cryptocurrency Accountability Malware 104

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

MARCH 11, 2024

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. [.

Encryption 110

Encryption Software 110

Penetration Testing

MARCH 11, 2024

Proof-of-concept (PoC) exploit code will be released at “a later date “for a high-severity CVE-2024-21378 (CVSS 8.8) vulnerability allowing remote code execution (RCE) in Microsoft Outlook. It allows attackers to execute malicious code on... The post Researchers to Release PoC Exploit for Microsoft Outlook RCE Flaw, Patch Now!

Penetration Testing 102

Penetration Testing 102

The Hacker News

MARCH 11, 2024

Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further investigation. The development was first reported by Russian news agency TASS.

93

93

Penetration Testing

MARCH 11, 2024

Security researchers at GuidePoint have uncovered a new weapon in the BianLian ransomware gang’s arsenal – a PowerShell backdoor. This shift in tactics appears to be a direct response to the release of a... The post Security Alert: BianLian Deploys New PowerShell Weapon appeared first on Penetration Testing.

Penetration Testing 100

Penetration Testing Ransomware Malware 100

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.