March, 2024

article thumbnail

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.

Passwords 344
article thumbnail

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.

Insurance 319
article thumbnail

NIST Cybersecurity Framework: A Cheat Sheet for Professionals

Tech Republic Security

The US National Institute of Standards and Technology's framework defines federal policy, but it can be used by private enterprises, too. Here's what you need to know.

article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

xz-utils backdoor: how to get started

Kali Linux

Following the recent disclosure of a backdoor in upstream xz/liblzma , we are writing this “get started” kind of blog post. We will explain how to setup an environment with the backdoored version of liblzma, and then the first commands to run to validate that the backdoor is installed. All in all, it should just take a few minutes, and there’s no learning curve, it’s all very simple.

Internet 145
article thumbnail

CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published

Penetration Testing

The technical details and proof-of-concept (PoC) exploit code has been released for a significant vulnerability, designated CVE-2024-0582 (CVSS 7.8) in the Linux kernel. The flaw, affecting versions 6.4 through 6.6, could allow attackers with local... The post CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published appeared first on Penetration Testing.

More Trending

article thumbnail

An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections

Security Boulevard

Read more » The post An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections appeared first on Deepfactor. The post An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections appeared first on Security Boulevard.

145
145
article thumbnail

LLM Prompt Injection Worm

Schneier on Security

Researchers have demonstrated a worm that spreads through prompt injection. Details : In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmented generation (RAG) , a way for LLMs to pull in extra data from outside its system.

article thumbnail

YouTube ordered to reveal the identities of video viewers

Malwarebytes

Federal US authorities have asked Google for the names, addresses, telephone numbers, and user activity of accounts that watched certain YouTube videos, according to unsealed court documents Forbes has seen. Of those users that weren’t logged in when they watched those videos between January 1 and 8, 2023, the authorities asked for the IP addresses.

VPN 145
article thumbnail

All about the xz-utils backdoor

Kali Linux

As of 5:00 pm ET on March 29, 2024 the following information is accurate. Should there be updates to this situation, they will be edited onto this blog post. The xz-utils package , starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor (CVE-2024-3094). This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches

Penetration Testing

A newly discovered vulnerability in Imperva SecureSphere, a widely used on-premise Web Application Firewall (WAF), has the potential to expose organizations to devastating security breaches. The flaw, designated CVE-2023-50969 with a critical CVSS score... The post CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches appeared first on Penetration Testing.

article thumbnail

Microsoft confirms Windows Server issue behind domain controller crashes

Bleeping Computer

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [.

144
144
article thumbnail

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

The Hacker News

RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity.

Software 144
article thumbnail

Burglars Using Wi-Fi Jammers to Disable Security Cameras

Schneier on Security

The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras.

Internet 325
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook 

NetSpi Technical

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. Note, a pull request containing the proof-of-concept code is forthcoming to provide organizations with sufficient time to patch.

article thumbnail

Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data

Security Boulevard

Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit. The post Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

article thumbnail

DroneXtract: A digital forensics suite for DJI drones

Penetration Testing

DroneXtract DroneXtract is a comprehensive digital forensics suite for DJI drones made with Golang. It can be used to analyze drone sensor values and telemetry data, visualize drone flight maps, audit for criminal activity,... The post DroneXtract: A digital forensics suite for DJI drones appeared first on Penetration Testing.

article thumbnail

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

Bleeping Computer

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [.

Phishing 143
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Security Affairs

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the discovery and infection of hosts running the above services.

Malware 139
article thumbnail

The ‘AT&T breach’—what you need to know

Malwarebytes

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

article thumbnail

Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets

The Hacker News

More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware.

Marketing 139
article thumbnail

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

Security Boulevard

The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google cybersecurity experts. In a report this week, researchers with Google’s Threat Analysis Group (TAG) and its Mandiant business said they saw 97 zero-day.

Spyware 135
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

toolkit: The essential toolkit for reversing, malware analysis, and cracking

Penetration Testing

Indetectables Toolkit This tool compilation is carefully crafted to be useful both for beginners and veterans of the malware analysis world. It has also proven useful for people trying their luck at the cracking... The post toolkit: The essential toolkit for reversing, malware analysis, and cracking appeared first on Penetration Testing.

article thumbnail

Google's new AI search results promotes sites pushing malware, scams

Bleeping Computer

Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [.

Scams 140
article thumbnail

DinodasRAT Linux variant targets users worldwide

Security Affairs

A Linux variant of the DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of a multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and Uzbekistan. DinodasRAT (aka XDealer ) is written in C++ and supports a broad range of capabilities to spy on users and steal sensitive data from a target’s system.

article thumbnail

Here Come the AI Worms

WIRED Threat Level

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

The Hacker News

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.

Hacking 136
article thumbnail

Irony of Ironies: CISA Hacked — ‘by China’

Security Boulevard

Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti. The post Irony of Ironies: CISA Hacked — ‘by China’ appeared first on Security Boulevard.

Hacking 138
article thumbnail

OFFAT: OFFensive Api Tester

Penetration Testing

OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use... The post OFFAT: OFFensive Api Tester appeared first on Penetration Testing.

article thumbnail

Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship

Bleeping Computer

The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [.

142
142
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.