Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Yep, passwords for administrators can be changed, too.

Cisco on Wednesday disclosed a maximum-severity vulnerability that allows remote threat actors with no authentication to change the password of any user, including administrators, on Cisco Smart Software Manager On-Prem devi...

Published: 2024-07-17T19:47:38



Biz & IT Ars Technica

Rite Aid says breach exposes sensitive details of 2.2 million customers

Stolen data includes customer names, addresses, birth dates, and driver's license numbers.

Rite Aid, the third biggest US drug store chain, said that more than 2.2 million of its customers have been swept into a data breach that stole personal information, including driver's license numbers, addresses, and dates of birth. The company sa...

Published: 2024-07-16T22:09:58



Biz & IT Ars Technica

Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice

Files available on the open source NPM repository underscore a growing sophistication.

Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers' computers when executed. The packages img-aws-s3-obje...

Published: 2024-07-15T20:18:50



Biz & IT Ars Technica

Exim vulnerability affecting 1.5M servers lets attackers attach malicious files

Based on past attacks, it wouldn’t be surprising to see active targeting this time, too.

More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said. The servers run versions of the Exim mail transfer agent that are vulnerable to a critical vulnerabi...

Published: 2024-07-11T20:47:26



Biz & IT Ars Technica

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

The goal of the exploits was to open Explorer and trick targets into running malicious code.

Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday. The vulnerability, present in both Windows 10 and ...

Published: 2024-07-10T21:44:12



The Register - Software

Cybercriminals quickly exploit CrowdStrike chaos

Who loves a global outage? Phishers, fraudsters and all manner of creeps

Well that was fast. Criminals didn't waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious

Published: 2024-07-19T15:22:07



The Register - Software

Life, interrupted: How CrowdStrike's patch failure is messing up the world

Oh, was it supposed to be Y2K24?

Today is one of those days that will go down in history as an unmitigated IT disaster, with CrowdStrike responsible for taking systems down all over the globe. We know airports, hospitals and the usual critical infras

Published: 2024-07-19T14:58:09



The Register - Software

ZDI shames Microsoft for yet another coordinated vulnerability disclosure snafu

'It seems like they really don't have a full grasp of what's going on with this patch'

Exclusive A Microsoft zero-day vulnerability that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched

Published: 2024-07-15T15:00:11



The Verge - Securities

CrowdStrike's faulty update crashed 8.5 million Windows devices, says Microsoft

CrowdStrike’s faulty update caused a worldwide tech disaster that affected 8.5 million Windows devices on Friday, according to Microsoft. Microsoft says that’s “less than one percent of all Windows machines,” but it was enough to create pro...

Published: 2024-07-20T13:20:45



The Verge - Securities

CrowdStrike outage Blue Screen of Death photos from around the world

SLC, Utah. Terminal 1 pic.twitter.com/kMRXbXbnQC Guillermo Rauch (@rauchg) July 19, 2024

Everywhere you look: blue screens of death pic.twitter.com/Jh1fdVflTD Morning Brew (@MorningBrew) July 19, 2024 ...

Published: 2024-07-19T14:37:09



The Verge - Securities

CrowdStrike and Microsoft: all the latest news on the global IT outage

A global IT outage grounded flights and resulted in outages at the London Stock Exchange and other systems early Friday morning. Industries ranging from healthcare to banking, air travel, and others are struggling with a global IT outage th...

Published: 2024-07-19T11:56:21



The Verge - Securities

Microsoft on CrowdStrike outage: have you tried turning it off and on? (15 times)

Have you turned it off and on again? That familiar refrain from IT departments and The IT Crowd is being echoed by Microsoft today as a recommended way of fixing the faulty CrowdStrike update that has taken down thousands of Windows PCs and...

Published: 2024-07-19T11:34:40



The Verge - Securities

What is CrowdStrike, and what happened?

On Friday morning, some of the biggest airlines, TV broadcasters, banks, and other essential services came to a standstill as a massive outage rippled across the globe. The outage, which has brought the Blue Screen of Death upon legions of ...

Published: 2024-07-19T10:20:02



The Verge - Securities

Here's how IT admins are fixing the Windows Blue Screen of Death chaos

IT admins around the world are scrambling to fix a major issue with Windows computers today after a faulty update from cybersecurity provider CrowdStrike knocked thousands of PCs and servers offline with a Blue Screen of Death (BSOD) error....

Published: 2024-07-19T09:24:18



The Verge - Securities

Disney's internal Slack was leaked by hackers mad about AI

Over a terabyte of data supposedly obtained from Disney’s internal messaging channels has been leaked online by a self-proclaimed “hacktivist group,” including login credentials, code, images, and information about unreleased projects. The ...

Published: 2024-07-16T06:32:44



The Verge - Securities

The FBI says it has gained access to the Trump rally shooter's phone

The FBI has successfully broken into the phone of the man who shot at former President Donald Trump at Saturday’s rally in Butler, Pennsylvania. “FBI technical specialists successfully gained access to Thomas Matthew Crooks’ phone, and the...

Published: 2024-07-15T16:04:11



The Verge - Securities

FBI is working to break into the phone of the Trump rally shooter

Investigators are working to break into the phone of the man who shot at former President Donald Trump at a Pennsylvania rally on Saturday. The shooting is being probed as an assassination attempt. The FBI said in a statement that it had o...

Published: 2024-07-15T12:03:59



The Verge - Securities

Google is reportedly planning its biggest startup acquisition ever

Google is considering spending $23 billion to buy Wiz, a cloud cybersecurity startup with partners that include Amazon and Oracle, reports The Wall Street Journal. At close to twice what it spent for Motorola Mobility in 2012, it would be t...

Published: 2024-07-14T22:39:05



BleepingComputer

UK arrests suspected Scattered Spider hacker linked to MGM attack

UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. [...]

Published: 2024-07-20T15:05:35



BleepingComputer

MediSecure: Ransomware gang stole data of 12.9 million people

MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. [...]

Published: 2024-07-19T13:05:30



BleepingComputer

Russians plead guilty to involvement in LockBit ransomware attacks

Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. [...]

Published: 2024-07-19T07:31:03



BleepingComputer

Revolver Rabbit gang registers 500,000 domains for malware campaigns

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. [...]

Published: 2024-07-18T17:30:28



BleepingComputer

Critical Cisco bug lets hackers add root users on SEG devices

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. [...]

Published: 2024-07-18T08:48:31



Threat Intelligence

APT41 Has Arisen From the DUST

Written by: Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore

Executive Summary

In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the

Published: 2024-07-18T10:00:00



Threat Intelligence

Scaling Up Malware Analysis with Gemini 1.5 Flash

Written by: Bernardo Quintero, Founder of VirusTotal and Security Director, Google Cloud Security; Alex Berry, Security Manager of the Mandiant FLARE Team, Google Cloud Security; Ilfak Guilfanov, author of IDA Pro and CTO, Hex-Rays; Vijay Bolina, Chief Info...

Published: 2024-07-15T14:00:00



Threat Intelligence

Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO

Written by: John Hultquist

As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges: the cyber threat. The Alliance faces a barrage of mali

Published: 2024-07-08T14:00:00



ProPublica

The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did.

by Craig Silverman

Published: 2024-07-08T05:00:00



Krebs on Security

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Expe...

Published: 2024-07-15T15:24:46



Krebs on Security

Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against ...

Published: 2024-07-09T19:50:33



The Register - Security

UK cops arrest teen suspect in MGM Resorts cyberattack probe

17-year-old cuffed as FBI says it will 'relentlessly pursue' miscreants around the globe

Cops in the UK have arrested a suspected member of the notorious Scattered Spider crime gang, which is accused of crippling MGM Resorts in Las Vegas with ransomware last summer.

Published: 2024-07-19T21:51:06



The Register - Security

CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear

Our vultures gather to review this very freaky Friday

Kettle If you're an IT administrator with Windows boxes on your network, Friday can't have been a lot of fun. What's likely millions of systems were or still are stuck in blue-screen boot loop hell, mostly requiring manual intervention to fix.

Published: 2024-07-19T17:54:07



The Register - Security

CrowdStrike file update bricks Windows machines around the world

Falcon Sensor putting hosts into deathloop - but there's a workaround

Updated An update to a product from infosec vendor CrowdStrike is bricking computers running Windows globally.

Published: 2024-07-19T06:46:32



The Register - Security

North Korea likely behind takedown of Indian crypto exchange WazirX

Firm halts trades after seeing $230 million disappear

Indian crypto exchange WazirX has revealed it lost virtual assets valued at over $230 million after a cyber attack that has since been linked to North Korea.

Published: 2024-07-19T05:59:07



The Register - Security

Beijing's attack gang Volt Typhoon was a false flag inside job conspiracy: China

Run by the NSA, the FBI, and Five Eyes nations, who fooled infosec researchers, apparently

China has wildly claimed the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community.

Published: 2024-07-19T05:09:48



The Register - Security

Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin

Russia-invaded software biz 'grateful for the support we have received'

A judge has mostly thrown out a lawsuit brought by America's financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its computer security practices and the backdooring of its Orion product.

Published: 2024-07-18T21:06:49



The Register - Security

Kaspersky challenges US government to put up or shut up about Kremlin ties

Stick an independent probe in our software, you won't find any Putin.DLL backdoor

Kaspersky has hit back after the US government banned its products by proposing an independent verification that its software is above board and not backdoored by the Kremlin.

Published: 2024-07-18T16:29:05



The Register - Security

Russia's FIN7 is peddling its EDR-nerfing malware to ransomware gangs

Major vendors' products scuppered by novel techniques

Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs.

Published: 2024-07-18T13:40:24



The Register - Security

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

You're going to want to patch this one

Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins.

Published: 2024-07-18T10:37:09



The Register - Security

Firms skip security reviews of major app updates about half the time

Complicated, costly, time-consuming: pick three

Updated Cybersecurity workers review major updates to software applications only 54 percent of the time, according to a poll of tech managers.

Published: 2024-07-18T07:28:07



The Register - Security

Release the hounds! Securing datacenters may soon need sniffer dogs

Nothing else can detect attackers with implants designed to foil physical security

Sniffer dogs may soon become a useful means of improving physical security in datacenters, as increasing numbers of people are adopting implants like NFC chips that have the potential to enable novel attacks on access control tools.

Published: 2024-07-18T00:54:10



The Register - Security

Merged Exabeam and LogRhythm cut jobs, face lawsuit

Unconfirmed reports suggest 30 percent reduction in headcount

Exabeam and LogRhythm, a pair of cybersecurity firms, finalized their merger on Wednesday, an occasion The Register understands was marked by swift job cuts and shareholder action to investigate the transaction.

Published: 2024-07-17T23:27:13



The Register - Security

Kaspersky gives US customers six months of free updates as a parting gift

So long, farewell, do svidaniya, goodbye

Updated Embattled Russian infosec shop Kaspersky is giving US customers six months of security updates for free as a parting gift as Uncle Sam kicks the antivirus maker out of the American market.

Published: 2024-07-17T18:20:07



The Register - Security

Ransomware continues to pile on costs for critical infrastructure victims

Millions more spent without any improvement in recovery times

Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year.

Published: 2024-07-17T15:01:13



The Register - Security

London council accuses watchdog of 'exaggerating' danger of 2020 raid on residents' data

You escaped a big fat fine! Take the win and run, won't you?

London's inner city district of Hackney says the UK's data protection watchdog has misunderstood and "exaggerated" details surrounding a ransomware attack on its systems in 2020.

Published: 2024-07-17T11:45:06



The Register - Security

Craig Wright admits he isn't the inventor of Bitcoin after High Court judgment in UK

Aussie definitely not Satoshi Nakamoto, faces 6M legal bill and possible perjury trial

Australian Craig Wright has finally admitted he is not the inventor of Bitcoin after losing several cases in the High Court of England and Wales, whose judge has suggested he be investigated for perjury.

Published: 2024-07-17T07:33:05



The Register - Security

Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor

India, Turkey also being targeted by campaign that relies on corporate email compromise

MuddyWater, an Iranian government-backed cyber espionage crew, has upgraded its malware with a custom backdoor, which it's used to target Israeli organizations.

Published: 2024-07-17T00:00:51



The Register - Security

Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin

Extortionists left hanging after rivals crawled into the woodwork

The Scattered Spider cybercrime group is now using RansomHub and Qilin ransomware variants in its attacks, illustrating a possible power shift among hacking groups.

Published: 2024-07-16T18:05:11



The Register - Security

Don't be complacent on cybersecurity resilience

Read the 2024 Cisco Cybersecurity Readiness Index for tips on how best to prepare

Sponsored Post Protecting sensitive data and mission-critical applications, systems and services from the unwanted attention of hackers and cyber criminals is never easy.

Published: 2024-07-16T14:21:13



The Register - Security

Privacy warriors gripe to UK watchdog about Meta harvesting user data to train AI

Move follows Instagram and Facebook giant's decision to reverse direction in EU after protests

A UK data rights campaign group has launched a complaint with the data law regulator against Meta's change of privacy policy, which allows it to scrape user data to develop AI models.

Published: 2024-07-16T11:25:59



The Register - Security

FBI gains access to Trump rally shooter's phone

Hasn't said how it did it, but has form cracking devices

The FBI on Monday revealed it has gained access to a phone it says was used by Thomas Matthew Crooks, the man who shot at and wounded former US president Donald Trump on July 13 in an apparent failed assassination attempt.

Published: 2024-07-16T03:16:30



The Register - Security

Kaspersky culls staff, closes doors in US amid Biden's ban

After all we've done for you, America, sniffs antivirus lab

Kaspersky has confirmed it will shutter its American operations and cut US-based jobs following President Biden's ban on the Russian business last month.

Published: 2024-07-15T21:32:15



The Register - Security

ZDI shames Microsoft for yet another coordinated vulnerability disclosure snafu

'It seems like they really don't have a full grasp of what's going on with this patch'

Exclusive A Microsoft zero-day vulnerability that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday, but without any credit given to ZDI.

Published: 2024-07-15T15:00:11



The Register - Security

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms

Company keeps quiet amid high-profile compromises

Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year.

Published: 2024-07-15T13:45:13



The Register - Security

Google reportedly in talks to buy infosec outfit Wiz for $23 billion

The security industry has never had a clear leader. Could it be the Chocolate Factory?

Ask any techie to name who leads the market for OSes, databases, networks or ERP and the answers are clear: Microsoft, Oracle, Cisco, and SAP.

Published: 2024-07-15T04:39:35



The Register - Security

I spy another mSpy breach: Millions more stalkerware buyers exposed

Also: Velops routers love plaintext; everything is a dark pattern; Internet Explorer rises from the grave; and more

Infosec in brief Commercial spyware maker mSpy has been breached again, and millions of purchasers can be identified from the spilled records.

Published: 2024-07-15T02:01:14



The Register - Security

UK cyber-boss slams China's bug-hoarding laws

Plus: Japanese scientists ID ancient supernova; AWS dismisses China trouble rumor; and more

ASIA IN BRIEF The interim CEO of the UK's National Cyber Security Centre (NCSC) has criticized China's approach to bug reporting.

Published: 2024-07-15T00:03:38



The Register - Security

Three words to send a chill down your spine: Snowflake. Intrusion. Alert

And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical

Kettle For this week's Kettle episode, in which our journos as usual get together for an end-of-week chat about the news, it's security, security, security.

Published: 2024-07-13T15:04:12



The Register - Security

Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack

15K dealerships take estimated $600M+ hit

CDK Global reportedly paid a $25 million ransom in Bitcoin after its servers were knocked offline by crippling ransomware.

Published: 2024-07-12T23:53:31



The Register - Security

White House urged to double check Microsoft isn't funneling AI to China via G42 deal

Windows maker insisted everything will be locked down and secure, which given its reputation, uh-oh!

Two House committee chairs have sent a public letter to the White House asking it to look into a deal between AI R&D outfit G42 and Microsoft.

Published: 2024-07-12T20:22:09



The Register - Security

CISA broke into a US federal agency, and no one noticed for a full 5 months

Red team exercise revealed a score of security fails

The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets.

Published: 2024-07-12T18:01:08



The Register - Security

Call, text logs for 110M AT&T customers stolen from compromised cloud storage

Snowflake? Snowflake

AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big, you haven't seen anything: this latest one includes data on "nearly all" AT&T wireless customers, and those served by mobile virtual network operators (MVNOs) running on AT&T's network.

Published: 2024-07-12T14:09:27



The Register - Security

Singapore's banks to ditch texted one-time passwords

Accessibility be damned, preventing phishing is the priority

After around two decades of allowing one-time passwords (OTPs) delivered by text message to assist logins to bank accounts in Singapore, the city-state will abandon the authentication technique.

Published: 2024-07-12T03:30:10



The Register - Security

China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

Meet DodgeBox, son of StealthVector

Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox, according to cloud security service provider Zscaler's ThreatLabz research team.

Published: 2024-07-12T01:29:11



The Register - Security

'Gay furry hackers' say they've disbanded after raiding Project 2025's Heritage Foundation

Ultra-conservative org funnily enough not ready to turn the other cheek

After claiming to break into a database belonging to The Heritage Foundation, and then leaking 2GB of files belonging to the ultra-conservative think tank, the hacktivist crew SiegedSec says it has disbanded.

Published: 2024-07-12T00:22:14



The Register - Security

OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable

Newly discovered flaw affects OpenSSH 8.7 and 8.8 daemon

The founder of Openwall has discovered a new signal handler race condition in the core sshd daemon used in RHEL 9.x and its various offshoots.

Published: 2024-07-11T19:13:08



The Register - Security

Advance Auto Parts: 2.3M people's data accessed when crims broke into our Snowflake account

Letters from CISO Ethan Steiger suggest the data related to job applications

Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance: a hefty 2.3 million.

Published: 2024-07-11T13:15:07



The Register - Security

Privacy expert put away for 9 years after 'grotesque' cyberstalking campaign

Scumbag targeted many victims and those who tried to help them

A scumbag who used to work as a privacy consultant has been put behind bars for nine years for a "grotesque" cyberstalking campaign against more than a dozen victims.

Published: 2024-07-11T10:29:07



The Register - Security

You had a year to patch this Veeam flaw and now it's going to hurt some more

LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware

Yet another new ransomware gang, this one dubbed EstateRansomware, is now exploiting a Veeam vulnerability that was patched more than a year ago to deploy file-encrypting malware, a LockBit variant, and extort payments from victims.

Published: 2024-07-11T07:28:13



The Register - Security

Japanese space agency spotted zero-day attacks while cleaning up raid on M365

Multiple malware assault saw personal data accessed, rocket science remained safe

The Japan Aerospace Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.

Published: 2024-07-11T05:31:58



The Register - Security

Snowflake lets admins make MFA mandatory across all user accounts

Company announces intent following Ticketmaster, Santander break-ins

A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication (MFA) controls, the cloud storage and data analytics company is offering a mandatory MFA option to admins.

Published: 2024-07-10T16:45:14



The Register - Security

Malware that is 'not ransomware' wormed its way through Fujitsu Japan's systems

IT giant says data exfiltration was extremely difficult to detect

Fujitsu Japan says an unspecified "advanced" malware strain was to blame for a March data theft, insisting the strain was "not ransomware", yet it hasn't revealed how many individuals are affected.

Published: 2024-07-10T13:47:06



The Register - Security

Ransomware crews investing in custom data stealing malware

BlackByte, LockBit among the criminals using bespoke tools

As ransomware crews increasingly shift beyond just encrypting victims' files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the more mature crime organizations are developing custom malware for their data theft.

Published: 2024-07-10T10:00:15



The Register - Security

Big Tech's eventual response to my LLM-crasher bug report was dire

Fixes have been made, it appears, but disclosure or discussion is invisible

Column Found a bug? It turns out that reporting it with a story in The Register works remarkably well ... mostly. After publication of my "Kryptonite" article about a prompt that crashes many AI chatbots, I began to get a steady stream of emails from readers, many times the total of all reader emails I'd received in the previous decade.

Published: 2024-07-10T07:25:06



The Register - Security

ViperSoftX variant spotted abusing .NET runtime to disguise data theft

Freeware AutoIt also used to hide entire PowerShell environments in scripts

A rapidly changing infostealer malware known as ViperSoftX has evolved to become more dangerous, according to security researchers at threat detection vendor Trellix.

Published: 2024-07-10T06:26:11



The Register - Security

RADIUS networking protocol blasted into submission through MD5-based flaw

If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed

Cybersecurity experts at universities and Big Tech have disclosed a vulnerability in a common client-server networking protocol that allows snoops to potentially bypass user authentication via man-in-the-middle (MITM) attacks.

Published: 2024-07-10T03:15:37



The Register - Security

Critical Windows licensing bugs plus two others under attack top Patch Tuesday

Citrix, SAP also deserve your attention because miscreants are already thinking about Exploit Wednesday

Patch Tuesday Clear your Microsoft system administrator's diary: the bundle of fixes in Redmond's July Patch Tuesday is a doozy, with at least two bugs under active exploitation.

Published: 2024-07-10T00:59:17



The Register - Security

FBI, cyber-cops zap ~1K Russian AI disinfo Twitter bots

RT News snarks back after it's accused of building social nyet-work for Kremlin

The FBI and cybersecurity agencies in Canada and the Netherlands say they have taken down an almost 1,000-strong Twitter bot farm set up by Russian state-run RT News that used generative AI to spread disinformation to Americans and others.

Published: 2024-07-09T23:35:28



The Register - Security

Elexon's Insight into UK electricity felled by expired certificate

Understanding the power needs of the UK begins with knowing when renewals are due

Certificate Watch Demonstrating that Microsoft is not alone in its inability to keep track of certificates is UK power market biz Elexon.

Published: 2024-07-09T14:01:13



The Register - Security

Evolve Bank & Trust confirms LockBit stole 7.6 million people's data

Making the cyberattack among the largest ever recorded in the finance industry

Evolve Bank & Trust says the data of more than 7.6 million customers was stolen during the LockBit break-in in late May, per a fresh filing with Maine's attorney general.

Published: 2024-07-09T13:52:32



Security Latest

The Feds Say These Are the Russian Hackers Who Attacked US Water Utilities

Plus: The FBI unlocks the Trump shooter’s phone, a security researcher gets legal threats for exposing hackable traffic lights, and more.

Published: 2024-07-20T10:30:00



Security Latest

Don’t Fall for CrowdStrike Outage Scams

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update.

Published: 2024-07-19T22:19:42



Security Latest

How One Bad CrowdStrike Update Crashed the World’s Computers

A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

Published: 2024-07-19T14:46:19



Security Latest

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally.

Published: 2024-07-19T08:40:01



Security Latest

J.D. Vance Left His Venmo Public. Here’s What It Shows

The Republican VP nominee's Venmo network reveals connections ranging from the architects of Project 2025 to enemies of Donald Trump and the populist's close ties to the very elites he rails against.

Published: 2024-07-18T17:02:36



Security Latest

Alleged ‘Maniac Murder Cult’ Leader Indicted Over Plot to Kill Jews

US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC.

Published: 2024-07-17T22:02:50



Security Latest

The US Supreme Court Kneecapped US Cyber Strategy

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact.

Published: 2024-07-17T10:00:00



Security Latest

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.

Published: 2024-07-15T21:10:24



Security Latest

US Senators Secretly Work to Block Safeguards Against Surveillance Abuse

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him.

Published: 2024-07-15T17:48:33



Security Latest

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records

A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped but some risks may remain.

Published: 2024-07-14T17:57:27



Security Latest

Spyware Users Exposed in Major Data Breach

Plus: The Heritage Foundation gets hacked over Project 2025, a car dealership software provider seems to have paid $25 million to a ransomware gang, and authorities disrupt a Russian bot farm.

Published: 2024-07-13T10:30:00



Security Latest

The Sweeping Danger of the AT&T Phone Records Breach

Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security.

Published: 2024-07-12T17:44:16



Security Latest

Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage

A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history.

Published: 2024-07-11T19:58:01



Security Latest

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison

The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.

Published: 2024-07-11T16:37:09



Security Latest

Google Is Adding Passkey Support for Its Most Vulnerable Users

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.

Published: 2024-07-10T10:00:00



Security Latest

The $11 Billion Marketplace Enabling the Crypto Scam Economy

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.

Published: 2024-07-10T07:00:00



Security Latest

AI-Powered Super Soldiers Are More Than Just a Pipe Dream

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces.

Published: 2024-07-08T10:00:00



Security Latest

Hackers Leaking Taylor Swift Tickets? Don’t Get Your Hopes Up

Plus: Researchers uncover a new way to expose CSAM peddlers, OpenAI suffered a secret cyberattack, cryptocurrency thefts jump in 2024, and Twilio confirms hackers stole 33 million phone numbers.

Published: 2024-07-06T10:30:00



The Hacker News

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.zip,"

Published: 2024-07-20T21:31:00



The Hacker News

17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.

Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of

Published: 2024-07-20T09:58:00



The Hacker News

Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide

Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted. This is

Published: 2024-07-19T18:08:00



The Hacker News

Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks

Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of the Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law

Published: 2024-07-19T18:00:00



The Hacker News

Safeguard Personal and Corporate Identities with Identity Intelligence

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In the current cyber threat landscape, the protection of personal and corporate identities has become vital.

Published: 2024-07-19T16:30:00



The Hacker News

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign

Published: 2024-07-19T14:59:00



The Hacker News

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since

Published: 2024-07-19T12:54:00



The Hacker News

Summary of "AI Leaders Spill Their Secrets" Webinar

Event Overview The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their

Published: 2024-07-19T12:50:00



The Hacker News

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS

Published: 2024-07-19T12:43:00



The Hacker News

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and

Published: 2024-07-19T09:37:00



The Hacker News

Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET, which

Published: 2024-07-18T18:56:00



The Hacker News

AppSec Webinar: How to Turn Developers into Security Champions

Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs, a way to turn developers from

Published: 2024-07-18T17:15:00



The Hacker News

Automated Threats Pose Increasing Risk to the Travel Industry

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023, a significant jump from 37.4% in 2022.

Published: 2024-07-18T16:30:00



The Hacker News

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

Cybersecurity researchers have uncovered security shortcomings in SAP AI Core, a cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows, that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers

Published: 2024-07-18T15:03:00



The Hacker News

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,

Published: 2024-07-18T14:40:00



The Hacker News

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the

Published: 2024-07-18T11:44:00



The Hacker News

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper

Published: 2024-07-18T11:31:00



The Hacker News

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,

Published: 2024-07-17T21:57:00



The Hacker News

Navigating Insider Risks: Are your Employees Enabling External Threats?

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks,

Published: 2024-07-17T16:39:00



The Hacker News

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been

Published: 2024-07-17T16:03:00



The Hacker News

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second

Published: 2024-07-17T14:17:00



The Hacker News

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of

Published: 2024-07-17T11:20:00



The Hacker News

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

Published: 2024-07-17T10:55:00



The Hacker News

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety (the Russian word for Candy) owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds. "Konfety represents a new form of

Published: 2024-07-16T18:30:00



The Hacker News

Threat Prevention & Detection in SaaS Environments - 101

Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and

Published: 2024-07-16T16:30:00



The Hacker News

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question, img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy, have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They

Published: 2024-07-16T15:39:00



The Hacker News

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access. That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have

Published: 2024-07-16T14:43:00



The Hacker News

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, said the vulnerability tracked as CVE-2024-38112 was used as part of a multi-stage

Published: 2024-07-16T14:30:00



The Hacker News

Kaspersky Exits U.S. Market Following Commerce Department Ban

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also

Published: 2024-07-16T09:46:00



The Hacker News

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open

Published: 2024-07-16T09:31:00



The Hacker News

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This case was

Published: 2024-07-15T21:48:00



The Hacker News

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we

Published: 2024-07-15T16:22:00



The Hacker News

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a tenfold surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source

Published: 2024-07-15T15:54:00



The Hacker News

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on July 9, 2024. "Customers who have activated their digital

Published: 2024-07-15T12:49:00



The Hacker News

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during

Published: 2024-07-15T10:40:00



The Hacker News

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated

Published: 2024-07-13T11:21:00



The Hacker News

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North

Published: 2024-07-12T20:21:00



The Hacker News

Australian Defence Force Private and Husband Charged with Espionage for Russia

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev,

Published: 2024-07-12T17:54:00



The Hacker News

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's

Published: 2024-07-12T16:25:00



The Hacker News

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass

Published: 2024-07-12T16:21:00



The Hacker News

U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation

The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles often purporting to belong to individuals in the

Published: 2024-07-12T14:00:00



The Hacker News

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication

Published: 2024-07-11T20:49:00



The Hacker News

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply

Published: 2024-07-11T20:36:00



The Hacker News

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector, which is also referred to as DUSTPAN, has been designated DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in

Published: 2024-07-11T18:01:00



The Hacker News

Streamlined Security Solutions: PAM for Small to Medium-sized Businesses

Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit

Published: 2024-07-11T16:30:00



The Hacker News

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense. "The majority of the custom code in the malware appears to be focused on anti-analysis,

Published: 2024-07-11T15:42:00



The Hacker News

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It

Published: 2024-07-11T10:49:00



The Hacker News

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to

Published: 2024-07-11T09:21:00



The Hacker News

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target

Published: 2024-07-10T18:36:00



The Hacker News

Smash-and-Grab Extortion

The Problem: The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days; more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities.

Published: 2024-07-10T17:00:00



Security Affairs

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: […]

Published: 2024-07-21T08:28:59



Security Affairs

Threat actors attempted to capitalize on CrowdStrike incident

CrowdStrike warns that threat actors are exploiting the recent IT outage caused by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted threat actors attempting to benefit from the recent IT outage caused by the faulty update of the cybersecurity firm to distribute Remcos RAT malware. The threat actors attempted to distribute the Remcos […]

Published: 2024-07-20T17:17:53



Security Affairs

Russian nationals plead guilty to participating in the LockBit ransomware group

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. The LockBit ransomware operation has been active since January 2020, the group hit […]

Published: 2024-07-20T04:43:44



Security Affairs

MediSecure data breach impacted 12.9 million individuals

Personal and health information of 12.9 million individuals was exposed in a ransomware attack on Australian digital prescription services provider MediSecure. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. In May, the company was forced to shut down its website and phone lines following […]

Published: 2024-07-19T20:40:03



Security Affairs

CrowdStrike update epic fail crashed Windows systems worldwide

Windows machines worldwide displayed a BSoD screen following a faulty update pushed out by cybersecurity firm CrowdStrike. A faulty update released by CrowdStrike Falcon is causing Windows systems to display a BSoD screen. The incident is causing widespread global disruptions, impacting critical infrastructure such as airports, hospitals, and TV stations. The company confirmed that the incident […]

Published: 2024-07-19T15:10:52



Security Affairs

Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users

Cisco has addressed a critical vulnerability that could allow attackers to add new root users to Security Email Gateway (SEG) appliances. Cisco fixed a critical vulnerability, tracked as CVE-2024-20401 (CVSS score 9.8), that could allow unauthenticated, remote attackers to add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances. The flaw […]

Published: 2024-07-19T08:34:52



Security Affairs

SAPwned flaws in SAP AI core could expose customers’ data

Researchers discovered security flaws in the SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the […]

Published: 2024-07-18T14:18:45



Security Affairs

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. FIN7 developed a tool called AvNeutralizer (also known as AuKill) that can bypass […]

Published: 2024-07-18T11:03:41



Security Affairs

How to Protect Privacy and Build Secure AI Products

AI systems are transforming technology and driving innovation across industries. How to protect privacy and build secure AI products? However, their unpredictability raises significant concerns about data security and privacy. Developers struggle to ensure the integrity […]

Published: 2024-07-18T09:23:56



Security Affairs

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password. The issue […]

Published: 2024-07-17T23:03:16



News Packet Storm

Judge Mostly Tosses SEC Lawsuit Against SolarWinds

North Korea May Have Hacked Crypto Exchange WazirX

SAP AI Core Flaws Show Risks Of Training AI In Shared Environments

Seems Like CrowdStrike Caused A Global BSOD?

MarineMax Notifying 123,000 Of Data Breach

Recent Adobe Commerce Vulnerability Exploited In Wild

Pentagon Leaker Jack Teixeira To Face Military Court-Martial

Malware Scammers Gearing Up For 2024 Summer Olympics

Vulnerability In Cisco Smart Software Manager Lets Attacker Change Any User Password

FIN7 Is Peddling EDR-Nerfing Malware To Ransomware Operators

Iran Phishes Israeli Orgs With Custom BugSleep Backdoor

Ransomware Continues To Pile On Costs For Critical Infrastructure Victims

Atlassian Patches High Severity Vulns In Bamboo, Confluence, Jira

Rite Aid Says Hack Impacts 2.2 Million People

APT Exploits Windows Zero-Day To Execute Code Via Disabled Internet Explorer

Organizations Warned Of Exploited GeoServer Vulnerability

Case Of Man Who Falsely Claimed To Be Bitcoin Inventor Referred To CPS

New Phishing Tactic Hijacks Email Protections To Mask Links

Trojan Source Flaw Could Result In Covert App Poisoning

Kaspersky Culls Staff, Closes Doors In US Amid Biden's Ban

Infoseccers Claim Squarespace Migration Linked To DNS Hijackings At Web3 Firms

Google Reportedly In Talks To Buy Infosec Outfit Wiz For $23 Billion

5 Questions To Ask About The Latest News Surrounding The AT&T Breach

ZDI Shames MS For Yet Another Coordinated Vuln Disclosure Snafu

SCOTUS Ruling May Still Impact Net Neutrality

SecurityWeek

CrowdStrike Provides Remediation Guidance After Software Update Causes Worldwide IT Chaos

Industry Moves for the week of July 15, 2024 - SecurityWeek

CrowdStrike Says Logic Error Caused Windows BSOD Chaos

Judge Dismisses Major SEC Charges Against SolarWinds and CISO

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

CoSAI: Tech Giants Form Coalition for Secure AI

In Other News: Summer Olympics Threats, Funding Soars, Trump Shooter’s Phone Hacked

MediSecure Data Breach Impacts 12.9 Million Individuals

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager

Bad CrowdStrike Update Linked to Major IT Outages Worldwide

$300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland

CISA News

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement

CISA Releases Playbook for Infrastructure Resilience Planning

CISA Releases Guide to Operational Security for Election Officials

CISA Releases the Marine Transportation System Resilience Assessment Guide

CISA and Fauquier County Hold K-12 Active Shooter Exercise

CISA Releases Guide to Enhance Election Security Through Public Communications

CISA, JCDC, Government and Industry Partners Conduct AI Tabletop Exercise

Readout from CISA’s 2024 Second Quarter Cybersecurity Advisory Committee Meeting

CISA Hosts First Annual Information and Communications Technology Supply Chain Risk Management Task Force Conference

CISA and ONCD Award the Winners of the Fifth Annual President’s Cup Cybersecurity Competition

CISA Blog

Continued Progress Towards a Secure Open Source Ecosystem

Looking Ahead to Better Prepare Today

Why SMBs Don’t Deploy Single Sign On (SSO)

CISA, SAFECOM and NCSWIC Publish SAFECOM Guidance on Emergency Communications Grants

CISA Releases the FY 2024 Rural Emergency Medical Communications Demonstration Project (REMCDP) Notice of Funding Opportunity

National Internet Safety Month: This June, Take 4 Easy Steps to Stay Safe Online

NCSWIC releases the NCSWIC Video Series

A Plan to Protect Critical Infrastructure from 21st Century Threats

Prepared Together Cyber Storm IX Recap

Securing Tomorrow: A Recap of CISA’s Cyber Resilient 911 Symposium (Central Region)

All CISA Advisories

Widespread IT Outage Due to CrowdStrike Update

Ivanti Releases Security Updates for Endpoint Manager

Subnet Solutions PowerSYSTEM Center

Cisco Releases Security Updates for Multiple Products

Philips Vue PACS

Oracle Releases Critical Patch Update Advisory for July 2024

Mitsubishi Electric MELSOFT MaiLab

CISA Releases Three Industrial Control Systems Advisories

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Releases One Industrial Control Systems Advisory

Exploit-DB.com RSS Feed

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

[webapps] Microweber 2.0.15 - Stored XSS

[webapps] Customer Support System 1.0 - Stored XSS

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

[webapps] Boelter Blue System Management 1.3 - SQL Injection

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

[webapps] XMB 1.9.12.06 - Stored XSS

[webapps] Carbon Forum 5.9.0 - Stored XSS

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

[webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

[webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)

[webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)

[webapps] Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)

[webapps] Apache OFBiz 18.12.12 - Directory Traversal

[webapps] Wordpress Theme XStore 9.3.8 - SQLi

[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

[webapps] Prison Management System - SQL Injection Authentication Bypass

[webapps] PyroCMS v3.0.1 - Stored XSS

[webapps] CE Phoenix Version 1.0.8.20 - Stored XSS

[webapps] Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)

[webapps] Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)

[remote] CrushFTP < 11.1.0 - Directory Traversal

[local] Plantronics Hub 3.25.1 - Arbitrary File Read

[webapps] Apache mod_proxy_cluster - Stored XSS

[webapps] iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)

[webapps] Clinic Queuing System 1.0 - RCE

[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure

[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass

Full Disclosure

[KIS-2024-06] XenForo <= 2.2.15 (Template System) Remote Code Execution Vulnerability

[KIS-2024-05] XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability

CVE-2024-33326

CVE-2024-33327

CVE-2024-33328

CVE-2024-33329

CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100

SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products

Novel DoS Vulnerability Affecting WebRTC Media Servers

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8

40 vulnerabilities in Toshiba Multi-Function Printers

17 vulnerabilities in Sharp Multi-Function Printers

SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise)

SEC Consult SA-20240620-0 :: Arbitrary File Upload in edu-sharing (metaVentis GmbH)

Open Source Security

Re: Fwd: Node.js security updates for all active release lines, July 2024

CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion

[ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion

CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients

CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE

CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter

CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability

CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType

Python Infrastructure Admin Token Leaked Through Docker Hub

CVE-2024-29120: Apache StreamPark: Information leakage vulnerability

[kubernetes] CVE-2024-5321: Incorrect permissions on Windows containers logs

CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution

CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution

CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process

© Segmentation Fault. All rights reserved.