Mon.Apr 22, 2024

article thumbnail

Using Legitimate GitHub URLs for Malware

Schneier on Security

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

Malware 280
article thumbnail

Weekly Update 396

Troy Hunt

"More Data Breaches Than You Can Shake a Stick At" That seems like a reasonable summary and I suggest there are two main reasons for this observation. Firstly, there are simply loads of breaches happening and you know this already because, well, you read my stuff! Secondly, There are a couple of Twitter accounts in particular that are taking incidents that appear across a combination of a popular clear web hacking forum and various dark web ransomware websites and "raising them to th

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published

Penetration Testing

Security researcher Naor Hodorov has made public a proof-of-concept (PoC) exploit for a severe vulnerability (CVE-2024-21111) in Oracle VirtualBox. This vulnerability plagues VirtualBox versions before 7.0.16 and allows attackers with basic access to a... The post Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published appeared first on Penetration Testing.

article thumbnail

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

The Hacker News

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.

136
136
article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

Penetration Testing

A new critical vulnerability has emerged, targeting users of the popular enterprise file transfer software, CrushFTP. This zero-day flaw, identified as CVE-2024-4040 with a CVSS score of 7.7, poses a severe risk to organizations... The post CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign appeared first on Penetration Testing.

article thumbnail

The 10 Women in Cybersecurity You Need to Follow

Security Boulevard

These women are innovating in the cybersecurity field. How many of them do you know? The post The 10 Women in Cybersecurity You Need to Follow appeared first on Security Boulevard.

More Trending

article thumbnail

TA547 Phishing Attack: German Companies Hit With Infostealer

Security Boulevard

Researchers at Proofpoint have found out that the TA547 phishing attack campaigns have been targeting different German companies. Identified as TA547, the threat actor has been using an information stealer called Rhadamanthys to get its hand on important financial data of companies. This information is then used by several cybercriminal threat actors.

Phishing 124
article thumbnail

ToddyCat: Unveiling the Stealthy APT Group Targeting Asia-Pacific Governments

Penetration Testing

A new report from Kaspersky Labs reveals a sophisticated toolkit used by the advanced persistent threat (APT) group, “ToddyCat,” to steal massive amounts of sensitive data and maintain control over compromised systems. The group... The post ToddyCat: Unveiling the Stealthy APT Group Targeting Asia-Pacific Governments appeared first on Penetration Testing.

article thumbnail

GitLab affected by GitHub-style CDN flaw allowing malware hosting

Bleeping Computer

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. [.

Malware 127
article thumbnail

BreachRx Gets $6.5 Million to Automate Security Incident Response

Security Boulevard

A six-year-old company that is building a platform and portfolio of tools aimed at automating organizations’ responses to data breaches and protecting executives from personal liability is getting $6.5 million in seed money and bringing on as an adviser the former chief security offer for Uber who last year became the face of legal consequences. The post BreachRx Gets $6.5 Million to Automate Security Incident Response appeared first on Security Boulevard.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Billions of scraped Discord messages up for sale

Malwarebytes

Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard some laws: more on that later. To get this amount of data the platform gathered information from 14,201 servers about 627,914,396 users.

article thumbnail

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities

Security Affairs

Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve rootkit-like capabilities. SafeBreach researcher Or Yair devised a technique, exploiting vulnerabilities in the DOS-to-NT path conversion process, to achieve rootkit-like capabilities on Windows. When a user executes a function with a path argument in Windows, the DOS path of the file or folder is converted to an NT path.

Software 116
article thumbnail

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The Hacker News

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network.

article thumbnail

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it. World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities.

Risk 116
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Multiple Vulnerabilities Patched in Apache HugeGraph – Update Immediately

Penetration Testing

Apache HugeGraph, a leading high-performance graph database known for its ability to handle billions of vertices and edges with robust online transaction processing (OLTP) capabilities, has recently addressed several critical security vulnerabilities that posed... The post Multiple Vulnerabilities Patched in Apache HugeGraph – Update Immediately appeared first on Penetration Testing.

article thumbnail

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

article thumbnail

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

The Hacker News

Microsoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant said in its latest report on East Asia hacking groups.

article thumbnail

ToddyCat is making holes in your infrastructure

SecureList

We continue covering the activities of the APT group ToddyCat. In our previous article , we described tools for collecting and exfiltrating files ( LoFiSe and PcExter ). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it.

VPN 108
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Hacker News

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg.

Malware 108
article thumbnail

Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

WIRED Threat Level

The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web.

article thumbnail

NIST Cybersecurity Framework: A Cheat Sheet for Professionals (Free PDF)

Tech Republic Security

The tech world has a problem: Security fragmentation. There’s no standard set of rules or even language for mitigating cyber risk used to address the growing threats of hackers, ransomware and stolen data, and the threat to data only continues to grow. President Barack Obama recognized the cyber threat in 2013, which led to his.

article thumbnail

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

The Hacker News

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Server Inventory Checklist (Free Download)

Tech Republic Security

Threats from malware, cryptographic infections and compromised networks have never been greater. Headlines regularly attest to such widespread problems, from infection-felled organizations to dangerous vulnerabilities in popular tools. Companies can’t protect their technological infrastructure, though, without a solid grasp of the actual equipment in play.

article thumbnail

North Koreans Secretly Animated Amazon and Max Shows, Researchers Say

WIRED Threat Level

Thousands of exposed files on a misconfigured North Korean server hint at one way the reclusive country may evade international sanctions.

108
108
article thumbnail

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

The Hacker News

Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur.

article thumbnail

Russian Sandworm hackers targeted 20 critical orgs in Ukraine

Bleeping Computer

Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). [.

97
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

The Hacker News

The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediately family members of those involved in such businesses.

Spyware 91
article thumbnail

How To Prevent Car Hacking Like A PRO!

SecureBlitz

Want to know how to prevent car hacking attempts? Read on! Without the use of car key fob, hackers can steal cars remotely. These are some of those things that we dislike in the higher growth of technology and innovation. The reality is, even though we open our hands and welcome all the innovative ideas […] The post How To Prevent Car Hacking Like A PRO!

Hacking 90
article thumbnail

Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators

NSTIC

We all need supplements sometimes. Whether it’s a little extra vitamin C during flu season or some vitamin D during the dark days of Winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept for the first time to our NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management.

article thumbnail

Russia-Linked Hackers Exploit Windows Zero-Day, Deploy “GooseEgg” to Hijack Networks

Penetration Testing

Microsoft has exposed a sophisticated new tool in the arsenal of the Russian state-backed hacking group “Forest Blizzard.” Dubbed “GooseEgg,” this tool allows attackers to gain deep access to compromised systems, making them a... The post Russia-Linked Hackers Exploit Windows Zero-Day, Deploy “GooseEgg” to Hijack Networks appeared first on Penetration Testing.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?