Cybersecurity
- QNAP QTS zero-day in Share feature gets public RCE exploit (www.bleepingcomputer.com)
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
- Australia Investigates Data Breach at National Electronic Prescriptions Provider; Health Data Potentially Compromised (www.bitdefender.com)
The Australian government is investigating a large-scale ransomware attack involving MediSecure, a Melbourne-based electronic prescriptions provider.
- SEC Adds New Incident Response Rules for Financial Sector (www.darkreading.com)
Financial firms covered under new regulations will be required to establish a clear response and communications plan for customer data breaches.
- Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (www.bleepingcomputer.com)
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for PuTTY and WinSCP.
- CISA Adds Three Known Exploited Vulnerabilities to Catalog (www.redpacketsecurity.com)
- American Radio Relay League cyberattack takes Logbook of the World offline (www.bleepingcomputer.com)
The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World.
- Banking malware Grandoreiro returns after police disruption (www.bleepingcomputer.com)
The banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks.
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (www.helpnetsecurity.com)
New versions of Git are out, with fixes for CVE-2024-32002, which can be used to remotely execute code during a "clone" operation.
- Microsoft to start enforcing Azure multi-factor authentication in July (www.bleepingcomputer.com)
Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources.
- Norway recommends replacing SSL VPN to prevent breaches (www.bleepingcomputer.com)
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
- Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets (www.aquasec.com)
Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches.
- Llama Drama: Critical Flaw in AI Python Package Can Lead to System and Data Compromise (CVE-2024-34359) (www.securityweek.com)
A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.
- Russian hackers use new Lunar malware to breach a European govt's agencies (www.bleepingcomputer.com)
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.
- US AI experts targeted in cyberespionage campaign using SugarGh0st RAT (www.csoonline.com)
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
- Google patches third exploited Chrome zero-day in a week (www.bleepingcomputer.com)
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
- BreachForums, an online bazaar for stolen data, seized by FBI (arstechnica.com)
An earlier iteration of the site was taken down last year; now its reincarnation is gone.
cross-posted from: https://lemmy.zip/post/15519717
- Threat actors misusing Quick Assist in social engineering attacks leading to ransomware (www.microsoft.com)
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (www.bleepingcomputer.com)
The North Korean hacker group Kimsuky has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.
- Microsoft fixes three zero-day vulnerabilities, two actively exploited (www.csoonline.com)
The company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize.
- Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach (arstechnica.com)
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
- Prison for cybersecurity expert selling private videos from inside 400,000 homes (www.bitdefender.com)
A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private videos from vulnerable "wallpad" cameras in 400,000 private households.
- Russian Actors Weaponize Legitimate Services in Multi-Malware Attack (www.infosecurity-magazine.com)
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft.
- Log4Shell shows no sign of fading, spotted in 30% of CVE exploits (www.helpnetsecurity.com)
Organizations continue to run insecure protocols across their WAN, making it easier for cybercriminals to move across networks.
- Dangerous Google Chrome Zero-Day Allows Sandbox Escape (www.darkreading.com)
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
- Zero-day alert! Apple security updates are out, including 0-day fixes for iOS 16 and macOS 13 (pducklin.com)
Plenty of patches for everyone, even if your product doesn’t include the zero-day fix.
- Dell API abused to steal 49 million customer records in data breach (cybersafe.news)
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company. Dell had started to send notifications warning customers that their personal data was stolen in a data breach. This data br...
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (www.bleepingcomputer.com)
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
- Backlogs at National Vulnerability Database prompt action from NIST and CISA (www.csoonline.com)
A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases.
- VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)
Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.
- Southeast Asian scam syndicates stealing $64 billion annually, researchers find (therecord.media)
In Cambodia, Laos and Myanmar, the groups are estimated to reap about $43.8 billion each year through scams — some 40 percent of the three nations’ combined formal GDP.
- Malicious Go Binary Delivered via Steganography in PyPI (blog.phylum.io)
On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packe...
- Hackers use DNS tunneling for network scanning, tracking victims (www.bleepingcomputer.com)
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (www.bleepingcomputer.com)
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero-days.
- CISA Adds Google Chromium Vulnerability (CVE-2024-4671) to Known Exploited Vulnerabilities Catalog (www.cisa.gov)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal...
- VMware fixes three zero-day bugs exploited at Pwn2Own 2024 (www.bleepingcomputer.com)
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
- Apple backports fix for RTKit iOS zero-day to older iPhones (www.bleepingcomputer.com)
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
- PyPI package backdoors Macs using the Sliver pen-testing suite (www.bleepingcomputer.com)
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.
- How Did Authorities Identify the Alleged Lockbit Boss?
> Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.
- Botnet sent millions of emails in LockBit Black ransomware campaign (www.bleepingcomputer.com)
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
- Cyberthreat landscape permanently altered by Chinese operations, US officials say (therecord.media)
The wide-ranging hacking campaign by the state-backed group Volt Typhoon is seen as a prelude of what's to come.