# Twtxt is an open, distributed microblogging platform that
# uses human-readable text files, common transport protocols,
# and free software.
#
# Learn more about twtxt at https://github.com/buckket/twtxt
#
# This is an automated Yarn.social feed running feeds v0.1.0@72e53a9
# Learn more about Yarn.social at https://yarn.social
#
# nick = @campuscodi@mastodon.social
# url = https://feeds.twtxt.net/@campuscodi@mastodon.social/twtxt.txt
# type = rss
# source = https://mastodon.social/@campuscodi.rss
# avatar = https://feeds.twtxt.net/@campuscodi@mastodon.social/avatar.png#mzlvov6akfd6afho4q7je5yc3xofugfn7lqwlvs4xxcmefv6p66a
# description = Public posts from @campuscodi@mastodon.social
# updated_at = 2024-09-12T11:09:14Z
#
2024-05-08T23:40:05Z ****
This is just one of the many tweets that are flooding Twitter these days praising Telegram and discouraging users from using Signal with stupid NSA and FBI conspiracy theories.

Under no scenario should you have Telegram installed on your phone. It's basically the Hulk Hogan of E2EE apps ⌘ [Read more](https://mastodon.social/@campuscodi/112408107793576920) 2024-05-08T09:06:39Z ****
Also:

-Microsoft teases new secure ZTDNS client

-FBI warns of STORM-0539

-New tool—Okta Terrify

-Black Hat Asia 2024 slides

-RIOT OS investigates why vulnerabilities took weeks to patch

-Malware reports on Matanbuchus, HijackLoader, Formbook, zEus Stealer, Guntior

-GNUSai loses $1.27mil

-DDoS attacks hit more than 50 Moldovan govt sites since March

-All LockBit affiliates have been identified, per NCA

-Apple releases M4 chip

-FTC fines BetterHelp $7.8mil ⌘ [Read more](https://mastodon.social/@campuscodi/112404673311951458) 2024-05-08T09:02:08Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-lockbit-leader-unmasked-charged-and-sanctioned/](https://news.risky.biz/risky-biz-news-lockbit-leader-unmasked-charged-and-sanctioned/)

Podcast: [https://risky.biz/RBNEWS285/](https://risky.biz/RBNEWS285/)

-LockBit leader unmasked, charged, and sanctioned

-UK accuses China of hacking Ministry of Defense

-New TunnelVision attack leaks VPN traffic

-MITRE links hack to UNC5221 (UTA0178)

-Crypto whale user loses $71mil

-New SecureDrop crypto protocol

-CSRB a ... ⌘ [Read more](https://mastodon.social/@campuscodi/112404655530865857) 2024-05-07T14:22:48Z ****
US charges Russian national with developing and operating the LockBit ransomware

[https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware](https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware)

US sanctions here: [https://home.treasury.gov/news/press-releases/jy2326](https://home.treasury.gov/news/press-releases/jy2326)

UK sanctions here: [https://www.gov.uk/government/news/uk-and-allies-sanction-prolific-cyber-hac ... ⌘ [Read more](https://mastodon.social/@campuscodi/112400254115153831) 2024-05-06T09:14:31Z ****
Plus:

-New EU cyber rules for electricity providers

-EU guide for PQC transition

-NATO Locked Shields 2024 concludes

-Operation PANDORA disrupts 12 scam call centers

-BTC-e boss pleads guilty

-Law enforcement teases LockBitSupp dox again

-New Android click fraud trojan

-Mal.metrica, FIN7, and Gootloader campaigns

-APT reports on HideBear and Sandworm's Kapeka

-Vuln reports in Microsoft's PlayReady DRM, the Jitsi Meet video conferencing tool

-Unpatched bug and PoC in Tinyproxy servers ⌘ [Read more](https://mastodon.social/@campuscodi/112393379598067165) 2024-05-06T09:10:55Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-microsoft-ties-security-goals-to-exec-compensation/](https://news.risky.biz/risky-biz-news-microsoft-ties-security-goals-to-exec-compensation/)

Podcast: [https://risky.biz/RBNEWS284/](https://risky.biz/RBNEWS284/)

-Microsoft ties security goals to exec compensation

-EU countries condemn Russia over APT28 hacks

-Hacker-for-hire suspect detained in London

-SiegedSec campaign targets far-right groups

-Another Webex leak in Germany

-City of Wichita suffers ra ... ⌘ [Read more](https://mastodon.social/@campuscodi/112393365462809221) 2024-05-05T14:53:26Z ****
A Prospect article argues that News of the World, a newspaper owned by Rupert Murdoch, didn't just hack the phones of celebrities and politicians to get scoops, but also stole data to help its owner's business empire's commercial endeavors.

[https://www.prospectmagazine.co.uk/ideas/media/phone-hacking/65891/did-the-murdoch-empire-hack-mps-for-commercial-ends](https://www.prospectmagazine.co.uk/ideas/media/phone-hacking/65891/did-the-murdoch-empire-hack-mps-for-commercial-ends) ⌘ [Read more](https://mastodon.social/@campuscodi/112389050004686863) 2024-05-05T11:13:58Z ****
Please never stream on Twitch if you have a bad mic.... literally half the audio on this site is just room noise ⌘ [Read more](https://mastodon.social/@campuscodi/112388186982136910) 2024-05-02T16:26:03Z ****
The details around that Outabox hack are giving me a headache ⌘ [Read more](https://mastodon.social/@campuscodi/112372427233822415) 2024-05-01T22:47:54Z ****
A REvil affiliate was sentenced today to 13 years and seven months in prison

Dayummmmm! ![:AAAAAA:](https://files.mastodon.social/custom_emojis/images/000/071/387/original/AAAAAA.png)![:AAAAAA:](https://files.mastodon.social/custom_emojis/images/000/071/387/original/AAAAAA.png)![:AAAAAA:](https://files.mastodon.social/custom_emojis/images/000/071/387/original/AAAAAA.png)![:AAAAAA:](https://files.mastodon.social/custom_emojis/images/000/071/387/original/AAAAAA.png)![:AAAAAA:](https://files.mastodon.social/custom ... ⌘ [Read more](https://mastodon.social/@campuscodi/112368266430718678) 2024-05-01T09:16:47Z ****
Plus:

-Vastaamo hacker sentenced to prison

-2.81mil malicious packages found on DockerHub

-New SecretCrow group targets South Korea with vishing

-Muddling Meerkat abuses China's Great Firewall for ops

-Investigation into Lazarus money laundering

-R vulnerable to unsecured deserialization flaws

-Google increases bug bounties for its mobile apps

-Google blocked 2.2mil bad Play Store apps

-Malware reports on Wpeeper, COSMU, Zloader, Darkgate, Cuckoo, Dagon Locker

-Infosec F1 sponsorship news (kek) ⌘ [Read more](https://mastodon.social/@campuscodi/112365076994592816) 2024-05-01T09:12:50Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-researchers-propose-new-privacy-txt-format/](https://news.risky.biz/risky-biz-news-researchers-propose-new-privacy-txt-format/)

Podcast: [https://risky.biz/RBNEWS282/](https://risky.biz/RBNEWS282/)

-Researchers propose new privacy.txt format

-FTC fines US telcos $196 million for selling location data

-Change Healthcare hacked via unprotected Citrix account

-FTC expands breach notification rules to health apps

-Most automakers don't require a warrant to sha ... ⌘ [Read more](https://mastodon.social/@campuscodi/112365061421938269) 2024-04-30T16:18:03Z ****
Google will literally pay AI tech bros for AI-hallucinated news before they pay actual news outlets for their content

[https://mastodon.social/@Techmeme@techhub.social/112360924473730061](https://mastodon.social/@Techmeme@techhub.social/112360924473730061) ⌘ [Read more](https://mastodon.social/@campuscodi/112361071163219373) 2024-04-29T23:01:00Z ****
If there's one tech blog you read this month... make it this one: [https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/](https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/) ⌘ [Read more](https://mastodon.social/@campuscodi/112356993280072894) 2024-04-28T13:38:47Z ****
The brain cancer of crypto-bros in two images

Crypto bros this week (first image): tHe US hAs ArReStEd tWo PrIvAcY dEvEl0PeRs

The privacy developers (second image): Come launder crypto with us, Russian oligarchs!!! ⌘ [Read more](https://mastodon.social/@campuscodi/112349120262129105) 2024-04-26T09:02:29Z ****
Also:

-Malware reports on Grandoreiro, Brokewell, Sliver, Remcos, SSLoad, IDAT Loader, Cactus

-New Qiulong ransomware

-APT reports on Pakistani APTs and APT threat to elections

-Oracle VirtualBox PoC

-Vuln reports on Brocade, iSharing

-Bcrypt cracking research

-Botconf videos

-KnowBe4 acquires Egress

-FCC votes back net neutrality

-EU passes right to repair directive

-US bans non-competes ⌘ [Read more](https://mastodon.social/@campuscodi/112336709209885670) 2024-04-26T08:59:05Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-cisco-zero-day-fun-time-is-here/](https://news.risky.biz/risky-biz-news-cisco-zero-day-fun-time-is-here/)

Podcast: [https://risky.biz/RBNEWS280/](https://risky.biz/RBNEWS280/)

-Cisco zero-day fun time is here!

-PlugX USB worm infects 2.5 million devices

-El Salvador crypto-service hacked

-US takes down another crypto-mixing service

-Nothing phonemaker discloses data breach

-Meduza DDoS attack linked to residential proxy providers

-Coast Guard Reserve bre ... ⌘ [Read more](https://mastodon.social/@campuscodi/112336695831877482) 2024-04-25T20:24:21Z ****
These talks are amazing... I'm being reminded why Botconf has always been my favorite conference ⌘ [Read more](https://mastodon.social/@campuscodi/112333728094530572) 2024-04-25T19:52:47Z ****
Talks from the Botconf 2024 security conference, which took place this week, are available on YouTube

[https://www.youtube.com/playlist?list=PL8fFmUArVzKj1hTdulLfht1OosYqSp4sO](https://www.youtube.com/playlist?list=PL8fFmUArVzKj1hTdulLfht1OosYqSp4sO) ⌘ [Read more](https://mastodon.social/@campuscodi/112333603984100753) 2024-04-25T19:40:17Z ****
Apparently Edge has had support for mouse gestures for a year now and I haven't noticed

[https://textslashplain.com/2024/04/23/mouse-gestures-in-edge/](https://textslashplain.com/2024/04/23/mouse-gestures-in-edge/) ⌘ [Read more](https://mastodon.social/@campuscodi/112333554785145023) 2024-05-09T10:40:28Z ****
Other people are now seeing the same Twitter spam.

Many of these spammy accounts are post Feb 2022 accounts, suggesting a Russian nexus. ⌘ [Read more](https://mastodon.social/@campuscodi/112410704497640450) 2024-05-09T18:33:38Z ****
LockBitSupp doing the media tour with the same boring ass "you got the wrong guy" routine that all the previous ransomware dudes attempted and failed ⌘ [Read more](https://mastodon.social/@campuscodi/112412565076138663) 2024-05-10T09:20:46Z ****
And:

-16 OAGs send a privacy letter to Congress

-New WordPress malware

-Malware reports on AsyncRAT, Mirai, Viper

-Summary of Russian APT activity in Ukraine

-Emerald Divide info ops

-CopyCop info ops

-Doppelganger and Havana Syndrome info ops

-Doppelganger and the campus protests info ops

-New APT28 attacks in Poland

-New covert channel attack uses CPU speeds

-NetNoiseCon 2024 videos

-New tools in PGDSAT, Misconfig Mapper, CISA Parsnip, CISA Vulnrichment, and CCTV ⌘ [Read more](https://mastodon.social/@campuscodi/112416053427566737) 2024-05-10T09:17:36Z ****
Plus:

-Canada's British Columbia province suffers a breach

-WebDetetive/OwnSpy second hack

-Russian hackers hijack Balticom TV signals

-Boeing confirms $200mil ransom in 2023 ransomware incident

-StackOverflow AI bros turn on their users

-New Apple security guides

-First Cybersecurity Posture of the US report

-Skimmer gang detained

-BogusBazaar gang runs 75K fake online stores

-Reports on Tycoon 2FA PhaaS and Cerberus gangs

-NSO uses lawsuit to go after CitizenLab's methods ⌘ [Read more](https://mastodon.social/@campuscodi/112416040986601048) 2024-05-10T09:14:20Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-68-tech-companies-pledge-to-cisas-secure-by-design-project/](https://news.risky.biz/risky-biz-news-68-tech-companies-pledge-to-cisas-secure-by-design-project/)

Podcast: [https://risky.biz/RBNEWS286/](https://risky.biz/RBNEWS286/)

-68 tech companies pledge to CISA's Secure by Design project

-European Parliament discloses data breach

-Another major US healthcare chain gets hacked

-Scattered Spider returns

-F5 fixes some major bugs

-Dell data breach

-Zscal ... ⌘ [Read more](https://mastodon.social/@campuscodi/112416028113018429) 2024-05-12T12:28:10Z ****
Is Gmail useless these days? I keep marking domains as spam, yet they're back the next day in my inbox with literally the same email/domain I marked as spam a few hours ago ⌘ [Read more](https://mastodon.social/@campuscodi/112428114932940095) 2024-05-13T08:07:53Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-black-basta-group-spam-bombs-victims-and-then-calls-to-help/](https://news.risky.biz/risky-biz-news-black-basta-group-spam-bombs-victims-and-then-calls-to-help/)

Podcast: [https://risky.biz/RBNEWS287/](https://risky.biz/RBNEWS287/)

-Black Basta group spam-bombs victims and then calls to help

-Smart home wall pad hacker sentenced

-Another Europol data breach

-Google fixes a Chrome zero-day

-US Navy to build a unified cyber defense network

-UK NHS warns of ... ⌘ [Read more](https://mastodon.social/@campuscodi/112432753784997261) 2024-05-13T08:10:54Z ****
Plus:

-US Coast Guard sends phishing alert

-Malicious Minecraft mod found

-New Activator macOS malware

-Malware reports on Cuckoo Stealer, Kinsing, HiddenShovel, and the Rhysida, BlackBasta, and Wormhole ransomware strains

-APT reports on Lazarus, Kimsuky, and MuddyWater

-Cinterion modem vulnerabilities impact IoT/ICS gear

-Big NextJS and PDF.js bugs

-New PressHammer attack

-New tools—HoneyTrail and HelloJackHunter

-RSA and UniCon conference videos ⌘ [Read more](https://mastodon.social/@campuscodi/112432765614413255) 2024-05-15T09:49:06Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-ebury-botnet-compromises-entire-isps-and-hosting-providers/](https://news.risky.biz/risky-biz-news-ebury-botnet-compromises-entire-isps-and-hosting-providers/)

Podcast: [https://risky.biz/RBNEWS288/](https://risky.biz/RBNEWS288/)

-Ebury gang compromises entire ISPs and hosting providers

-UK announces Share and Defend project

-UK advises against paying ransoms

-Helsinki discloses data breach

-New RFDoS attack takes down sites with their own firewall

-Apple ... ⌘ [Read more](https://mastodon.social/@campuscodi/112444476421263216) 2024-05-15T09:52:32Z ****
Plus:

-History of the SolarMarker malware family

-Malware reports on Black Basta, CrealStealer

-Reports on campaigns abusing malvertising, FoxIT exploits, copyright violation notices, and more

-GitCaught campaign

-Mallox ransomware campaign hits MSSQL DBs

-Trik botnet spams loads of LockBit payloads

-APT reports on Lazarus, PhantomCore, CeranaKeeper

-Patch Tuesday is out

-2 MSFT zero-days, one Chrome one

-CYBERUK 2024 videos

-New tools—Fiddleitm, IconJector, wayback-keyword-search ⌘ [Read more](https://mastodon.social/@campuscodi/112444489897564617) 2024-05-15T19:20:37Z ****
Twitter is full of idiots blaming the Fico assassination attempt on everything under the sun. From the WHO to Soros.

That site keeps digging its own grave of irrelevance ⌘ [Read more](https://mastodon.social/@campuscodi/112446723681367475) 2024-05-16T18:12:51Z ****
NetBSD follows Gentoo and bans AI-generated code

"Code generated by a large language model or similar technology, such as GitHub/Microsoft's Copilot, OpenAI's ChatGPT, or Facebook/Meta's Code Llama, is presumed to be tainted code, and must not be committed without prior written approval by core."

[https://www.netbsd.org/developers/commit-guidelines.html](https://www.netbsd.org/developers/commit-guidelines.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112452119527996105) 2024-05-17T09:39:17Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-feds-seize-breachforums-again/](https://news.risky.biz/risky-biz-news-feds-seize-breachforums-again/)

Podcast: [https://risky.biz/RBNEWS289/](https://risky.biz/RBNEWS289/)

-Feds seize BreachForums (again)

-Microsoft to require MFA for all Azure accounts (maybe?)

-US arrests woman for running laptop farm for DPRK IT workers

-Major hack at Australian healthcare org

-Sonne Finance hacked for $20 mil

-Android adds anti-theft feature

-The Netherlands criminal ... ⌘ [Read more](https://mastodon.social/@campuscodi/112455762396973262) 2024-05-17T09:46:36Z ****
And:

-Swedish far-right party linked to troll farm

-Companies of two Moldavian brothers linked to Doppelganger, the RRN network, and NoName057

-Profile of a major Russian disinfo peddler

-ThroughTek platform vulnerabilities impact 100 mil devices

-Major bugs in GE ultrasound devices

-Cisco security updates

-HTTP/2 CONTINUATION Flood attack found to be pretty massive/efficient

-Third Chrome zero-day in a week

-Major moves on the SIEM market

-Doxbin goes down after videos of admin getting beat up ⌘ [Read more](https://mastodon.social/@campuscodi/112455791200714417) 2024-05-17T09:42:58Z ****
Plus:

-NetBSD bans AI code

-Apple publishes App Store fraud numbers

-UK NCSC launches cyber protection service for election workers/candidates

-New NIST and CISA guides

-FCC proposes BGP reporting requirements

-Two MEV crypto bot hackers arrested

-Nigerian scammer sentenced

-LabHost-related arrests continue

-ViperSoftX malware adopts OCR

-Malware reports on Latrodectus, Darkgate, Metamorfo, Black Basta

-APT reports on Kimsuky, Bitter, Earth Hundun, Turla

-New WiFi SSID confusion attack ⌘ [Read more](https://mastodon.social/@campuscodi/112455776919880301) 2024-05-20T10:21:38Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-germany-sues-microsoft-for-details-on-past-hack/](https://news.risky.biz/risky-biz-news-germany-sues-microsoft-for-details-on-past-hack/)

Podcast: [https://risky.biz/RBNEWS290/](https://risky.biz/RBNEWS290/)

-Germany sues Microsoft for details on past hack

-VirusTotal releases a new YARA version rewritten in Rust

-SEC adopts stricter data breach notification rules

-First major deepfake hack incident confirmed

-China establishes Matrix Cup, a new hacking co ... ⌘ [Read more](https://mastodon.social/@campuscodi/112472915857359720) 2024-05-20T10:25:50Z ****
Also:

-Pink Drainer shuts down

-Three Israeli firms linked to major malvertising push

-Two pig-butchering scammers detained

-Microsoft cuts out Russian customers

-Nigeria suspends cybersecurity tax

-Slack to harvest DMs for our future AI overlords

-Pump[.]fun hacked for $2mil

-Grandoreiro malware gang returns

-Malware reports on STRRAT and Windows bootkits

-APT reports on Obstinate Mogwai and Andariel's DoraRAT

-Loads of disinformation campaigns going on (origin: Russia and Azerbaijan) ⌘ [Read more](https://mastodon.social/@campuscodi/112472932364605154) 2024-05-20T21:36:00Z ****
Russian security firm FACCT has spotted a threat actor targeting Russian companies with a leaked version of the LockBit ransomware.

[https://t.me/F\_A\_C\_C\_T/3214](https://t.me/F_A_C_C_T/3214)

The most interesting part is that FACCT refers to the group using a "werewolf" moniker.

The werewolf term is typically used by Russian security firms to refer to state-sponsored groups.

[https://securitymedia.org/info/vervolf-v-tayfune-klassifikatsiya-i-analiz-khakerskikh-gruppirovok.html](https://securitymedia.org/i ... ⌘ [Read more](https://mastodon.social/@campuscodi/112475567565813113) 2024-05-20T21:35:24Z ****
A threat actor named USDoD has teased a new replacement for the seized BreachForums.

The new forum will be named Breach Nation and will launch on July 4 at breachnation[.]io.

[https://archive.li/QbBzm](https://archive.li/QbBzm) ⌘ [Read more](https://mastodon.social/@campuscodi/112475565247579671) 2024-05-20T21:40:04Z ****
The US has arrested the admin of the Incognito Market.

[https://www.justice.gov/opa/pr/incognito-market-owner-arrested-operating-one-largest-illegal-narcotics-marketplaces](https://www.justice.gov/opa/pr/incognito-market-owner-arrested-operating-one-largest-illegal-narcotics-marketplaces)

The market exit scammed in March and its admin extorted his past users.

[https://krebsonsecurity.com/2024/03/incognito-darknet-market-mass-extorts-buyers-sellers/?ref=news.risky.biz](https://krebsonsecurity.com/2024/03/incogn ... ⌘ [Read more](https://mastodon.social/@campuscodi/112475583601828891) 2024-05-20T22:13:50Z ****
Was not expecting Ubuntu to be there. Is this one of those AWS default images or what?

Source PDF: [https://www.runzero.com/uploads/documents/reports/runzero-research-report-vol1-2024-05.pdf](https://www.runzero.com/uploads/documents/reports/runzero-research-report-vol1-2024-05.pdf) ⌘ [Read more](https://mastodon.social/@campuscodi/112475716329366481) 2024-05-20T23:45:22Z ****
Security firm Redline has published a write-up and PoC on CVE-2024-22026, a local privilege escalation vulnerability in Ivanti Enterprise Mobility Management Platform (EPMM) (formerly MobileIron) servers.

[https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core](https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core)

[https://github.com/securekomodo/CVE-2024-22026](https://github.com/securekomodo/CVE-2024-22026) ⌘ [Read more](https://mastodon.social/@campuscodi/112476076248309049) 2024-05-21T00:50:35Z ****
Check Point says that two Iranian APT groups have collaborated in attacks carried out over the past several years against targets in Albania and Israel.

The first group is focused on intelligence collection, while the second group deploys ransomware and data wipers and leaks data as part of information and influence operations.

Both groups are affiliated with Iran's MOIS and are using what appears to be a well-documented handoff procedure.

[https://research.checkpoint.com/2024/bad-karma-no-justice-void-mantic ... ⌘ [Read more](https://mastodon.social/@campuscodi/112476332710912975) 2024-05-21T10:18:35Z ****
Tenable security researchers have found a vulnerability in the Fluent Bit monitoring and logging utility.

Named Linguistic Lumberjack (CVE-2024-4323), the vulnerability can be used for denial of service, information disclosure, or remote code execution.

A fix was committed to the Fluent Bit code last week, but the project has not released an official fix.

Tenable fears threat actors may exploit knowledge of the bug to launch attacks.

[https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-service ... ⌘ [Read more](https://mastodon.social/@campuscodi/112478566174835709) 2024-05-21T10:35:12Z ****
The Open-Source Security Foundation has launched Siren, a mailing list for sharing threat intel about open-source projects

[https://openssf.org/blog/2024/05/20/enhancing-open-source-security-introducing-siren-by-openssf/](https://openssf.org/blog/2024/05/20/enhancing-open-source-security-introducing-siren-by-openssf/) ⌘ [Read more](https://mastodon.social/@campuscodi/112478631507605935) 2024-05-21T12:05:56Z ****
Microsoft has published a blog post with all the security features shipping with Windows 11 in the coming months

[https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/](https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/) ⌘ [Read more](https://mastodon.social/@campuscodi/112478988276543538) 2024-05-21T12:36:24Z ****
Ukraine's CERT team says that starting on May 20, it detected a huge wave of spam coming from fin-group UAC-0006 and targeting Ukrainian government and private organizations.

[https://cert.gov.ua/article/6279366](https://cert.gov.ua/article/6279366) ⌘ [Read more](https://mastodon.social/@campuscodi/112479108074211608) 2024-05-21T12:29:56Z ****
Last week, watchTowr Labs published a report about 15 vulnerabilities in QNAP NAS devices: [https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/](https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/)

QNAP patched only four.

Days after a PoC was published online, QNAP patched another five

[https://www.qnap.com/en/security-advisory/qsa-24-23](https://www.qnap.com/en/security-advisory/qsa-24-23) ⌘ [Read more](https://mastodon.social/@campuscodi/112479082653543691) 2024-05-21T17:19:20Z ****
SentinelOne has published a profile on Ikaruz Red Team, a hacktivist group using ransomware attacks as part of its operations against the Philippines.

One of its past targets was an attack against the Department of Science and Technology, where the group tried to pose as the country's CERT service.

[https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention-not-profit/](https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention ... ⌘ [Read more](https://mastodon.social/@campuscodi/112480220625980468) 2024-05-21T17:40:05Z ****
A report from IntelligenceOnline claims Zerodium may be close to shutting down

[https://www.intelligenceonline.com/surveillance--interception/2024/05/21/iconic-american-vulnerability-trader-zerodium-to-close-its-doors,110228370-art](https://www.intelligenceonline.com/surveillance--interception/2024/05/21/iconic-american-vulnerability-trader-zerodium-to-close-its-doors,110228370-art) ⌘ [Read more](https://mastodon.social/@campuscodi/112480302251947603) 2024-05-21T20:17:52Z ****
Security researcher Amal Murali has published a PoC for CVE-2024-32002, an RCE in the Windows Git client that can be triggered via a simple git clone operation.

[https://amalmurali.me/posts/git-rce/](https://amalmurali.me/posts/git-rce/)

[https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/?ref=news.risky.biz](https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/?ref=news.risky.biz) ⌘ [Read more](https://mastodon.social/@campuscodi/112480922657918285) 2024-05-22T08:25:52Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-dnsbomb-attack-is-here-pew-pew-pew/](https://news.risky.biz/risky-biz-news-dnsbomb-attack-is-here-pew-pew-pew/)

Podcast: [https://risky.biz/RBNEWS291/](https://risky.biz/RBNEWS291/)

-DNSBomb attack is here! Pew pew pew!!!

-Rockwell tells customers to disconnect ICS gear from the internet

-Linguistic Lumberjack vulnerability impacts most cloud providers

-Incognito Market admin arrested

-Gala Games hacked for $21mil

-US EPA announces future cyber enforcemen ... ⌘ [Read more](https://mastodon.social/@campuscodi/112483785257743781) 2024-05-22T08:30:38Z ****
And:

-Auth bypass in GitHub ES

-Werewolves ransomware group hits Russia

-Malware reports on a new Exchange keylogger, GhostEngine, Latrodectus, SamsStealer, CLOUD#REVERSER

-DoppelGänger is everywhere right now

-Two Iranian APTs are working together, handing off access

-Academic work finds that AI safeguards suck

-POCs released for Git, FortiSIEM, and Ivanti bugs

-QNAP patches bug after POC release

-Bitbucket may leak plaintext creds

-CyberArk buys Venafi

-New Siren mailing list for FOSS projects ⌘ [Read more](https://mastodon.social/@campuscodi/112483803995157864) 2024-05-22T16:13:55Z ****
Apparently, this actually happened: [https://x.com/DrewPavlou/status/1791612346844209225](https://x.com/DrewPavlou/status/1791612346844209225)

Press coverage: [https://www.jpost.com/omg/article-801627](https://www.jpost.com/omg/article-801627) ⌘ [Read more](https://mastodon.social/@campuscodi/112485625701828152) 2024-05-22T16:18:06Z **** ⌘ [Read more](https://mastodon.social/@campuscodi/112485642158514469) 2024-05-22T17:21:32Z ****
Just think about it!

In just 14 days, Microsoft pivoted from "do security" in an internal memo on May 5 to "let's install spyware on everyone's PC" on May 21.

That must be a world record in bad corporate management ⌘ [Read more](https://mastodon.social/@campuscodi/112485891596827830) 2024-05-22T17:24:52Z ****
For those unaware of what's happening, this post from [@GossiTheDog](https://cyberplace.social/@GossiTheDog) explains Microsoft's completely idiotic plans

[https://doublepulsar.com/how-the-new-microsoft-recall-feature-fundamentally-undermines-windows-security-aa072829f218](https://doublepulsar.com/how-the-new-microsoft-recall-feature-fundamentally-undermines-windows-security-aa072829f218) ⌘ [Read more](https://mastodon.social/@campuscodi/112485904703334933) 2024-05-22T20:28:48Z ****
BlueSky adds DM support

[https://bsky.app/profile/bsky.app/post/3kt3y33tk4w2m](https://bsky.app/profile/bsky.app/post/3kt3y33tk4w2m) ⌘ [Read more](https://mastodon.social/@campuscodi/112486627952049378) 2024-05-22T23:26:28Z ****
The VBScript deprecation timeline is useless. It's in 3 f\*\*\*ing years, with no removal date even set.

It's like saying to your wife "yeah, I'll fix it"... but not actually getting to it any time soon

[https://techcommunity.microsoft.com/t5/windows-it-pro-blog/vbscript-deprecation-timelines-and-next-steps/ba-p/4148301](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/vbscript-deprecation-timelines-and-next-steps/ba-p/4148301) ⌘ [Read more](https://mastodon.social/@campuscodi/112487326586406644) 2024-05-23T11:31:12Z ****
Google's Mandiant division warns about an increasing number of Chinese APT groups adopting ORB (operational relay box) networks to disguise their attack infrastructure.

Mandiant says it's tracking multiple ORB networks in the wild. The biggest are SPACEHOP and FLORAHOX, used by groups like APT5 and APT31, respectively.

[https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/](https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/) ⌘ [Read more](https://mastodon.social/@campuscodi/112490176326516580) 2024-05-23T12:11:46Z ****
Boost and ExpressVPN have published security audits this week.

The Boost audit found seven vulnerabilities, while the ExpressVPN audit looked at the company's no-logs policy.

[https://www.shielder.com/blog/2024/05/boost-security-audit/](https://www.shielder.com/blog/2024/05/boost-security-audit/)

[https://www.expressvpn.com/security-audit-reports/kpmg-privacy-policy-2023](https://www.expressvpn.com/security-audit-reports/kpmg-privacy-policy-2023) ⌘ [Read more](https://mastodon.social/@campuscodi/112490335843975984) 2024-05-23T14:57:04Z ****
It's quite something when TikTok takes down more influence operations than Twitter:

[https://www.tiktok.com/transparency/en/covert-influence-operations/](https://www.tiktok.com/transparency/en/covert-influence-operations/)

How the times have changed! ⌘ [Read more](https://mastodon.social/@campuscodi/112490985827686420) 2024-05-23T14:55:52Z ****
Codean's Thomas Rinsma has published a write-up of a bug he found in Mozilla's PDF.js PDF file viewer.

The bug could have allowed threat actors to run malicious code inside apps where the PDF.js library was used and left misconfigured.

It's a pretty niche scenario, but 10/10 on the nasty scale.

[https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/](https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/) ⌘ [Read more](https://mastodon.social/@campuscodi/112490981130285183) 2024-05-23T15:20:38Z ****
I love you Swifties... pls never come after me 😅

[https://mastodon.social/@Techmeme@techhub.social/112490941910915590](https://mastodon.social/@Techmeme@techhub.social/112490941910915590) ⌘ [Read more](https://mastodon.social/@campuscodi/112491078502997516) 2024-05-23T15:48:56Z ****
More than three months after NIST stopped enriching the NVD database, the organization has yet to resume its normal activity.

93% of all vulnerabilities added to the NVD database over the last three months still lack crucial information.

According to a report from security firm VulnCheck, NIST's involvement with the NVD is slowing down, with fewer vulnerabilities processed with each passing week.

[https://vulncheck.com/blog/nvd-backlog-exploitation](https://vulncheck.com/blog/nvd-backlog-exploitation) ⌘ [Read more](https://mastodon.social/@campuscodi/112491189823669562) 2024-05-23T19:07:09Z ****
A suspected Chinese APT group named Sharp Dragon (Sharp Panda) has expanded its targeting to new regions, such as Africa and the Caribbean.

Check Point says the group is now using compromised accounts inside Southeast Asian governments of past victims to reach out to African and Caribbean governments and establish new footholds.

Researchers say the group is careful when selecting new targets and uses publicly and readily available tools to blend in with the noise.

[https://research.checkpoint.com/2024/sharp-d ... ⌘ [Read more](https://mastodon.social/@campuscodi/112491969205430081) 2024-05-23T20:08:42Z ****
Relationship goals:

I want to meet someone who treats me as Russian bots and Russian media treat Elon Musk ⌘ [Read more](https://mastodon.social/@campuscodi/112492211262492600) 2024-05-23T20:58:58Z ****
Chinese security firm QiAnXin is seeing a surge in activity in IoT botnets using a variant of the Mirai malware named CatDDoS.

The botnets have exploited over 80 vulnerabilities in different devices over the last three months to amass new bots and improve their attack capabilities.

CatDDoS-related botnets are currently launching attacks on more than 300 targets on a daily basis.

QiAnXin says it's seeing some of the botnets attempting to cannibalize each other's bots.

[https://blog.xlab.qianxin.com/catddos-de ... ⌘ [Read more](https://mastodon.social/@campuscodi/112492408910024429) 2024-05-23T20:59:23Z ****
The President of Latvia has asked the government to amend the country's criminal code to criminalize the creation of deepfakes for political use.

The proposal suggests that offenders should face punishment of up to five years in jail.

President Edgars Rinkēvičs' proposal comes after deepfakes were used in Slovakia's presidential and parliamentary election last year in support of an anti-EU and pro-Kremlin candidate.

[https://eng.lsm.lv/article/politics/politics/22.05.2024-president-presents-deepfake-parliamen ... ⌘ [Read more](https://mastodon.social/@campuscodi/112492410545723335) 2024-05-24T08:03:28Z ****
Plus:

-Change Healthcare victims ask US HHS for HIPAA exemption

-NYSE fined over 2021 hack

-City of Eindhoven has a leak

-UK ICO to investigate Microsoft over Recall feature

-Apple's WPS is leaking

-US lawmakers propose Diverse Cybersecurity Workforce Act

-EU countries put out anti-propaganda statement

-Latvia wants to criminalize political deepfakes

-BEC money launderer sentenced

-Malware reports on Gootloader, bunch of new stealers, ShrinkLocker, and CatDDoS

-Loads of reports on Chinese APTs ⌘ [Read more](https://mastodon.social/@campuscodi/112495021820717737) 2024-05-24T07:59:16Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-backdoor-found-in-court-and-jail-av-recording-software/](https://news.risky.biz/risky-biz-news-backdoor-found-in-court-and-jail-av-recording-software/)

Podcast: [https://risky.biz/RBNEWS292/](https://risky.biz/RBNEWS292/)

-Backdoor found in court and jail AV recording software

-Kevin Mandia steps down

-TikTok takes down several influence networks

-LastPass will start encrypting URLs

-Microsoft publishes VBScript deprecation timeline

-Gala Games gets its h ... ⌘ [Read more](https://mastodon.social/@campuscodi/112495005311595863) 2024-05-24T16:23:02Z ****
How about you f\*\*\* off instead ⌘ [Read more](https://mastodon.social/@campuscodi/112496986175667717) 2024-05-24T16:32:13Z ****
Shitty ass Meta... doesn't ask me for an OTP for ages... asks me for one when opting out of their AI bullshit.

Passive aggressive cunts! ⌘ [Read more](https://mastodon.social/@campuscodi/112497022313781956) 2024-05-24T23:13:16Z ****
Rostelecom's security team has discovered a new APT group attacking Russian government agencies and their contractors.

Named Shedding Zmiy, the group has links to the old Cobalt cybercrime operation. Rostelecom says the group switched from financial crimes to espionage in late 2022.

The Russian telco describes Shedding Zmiy as one of the most active and professional APT groups currently targeting Russia.

[https://rt-solar.ru/solar-4rays/blog/4333/](https://rt-solar.ru/solar-4rays/blog/4333/) ⌘ [Read more](https://mastodon.social/@campuscodi/112498599266357623) 2024-05-25T21:13:41Z ****
MITRE has published a three-part series that looks at its security breach from earlier this year.

In its last part, published last week, MITRE looks at the group's malware—the BRICKSTORM backdoor and the BEEFLUSH web shell.

1- [https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8](https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8)

2- [https://medium.com/mitre-engenuity/technical-deep-dive-understanding-the-anato ... ⌘ [Read more](https://mastodon.social/@campuscodi/112503791372484604) 2024-05-25T23:30:08Z ****
Holy moly... one of my 2016 articles...

[https://mastodon.social/@haveibeenpwned@infosec.exchange/112489156406624470](https://mastodon.social/@haveibeenpwned@infosec.exchange/112489156406624470)

I'm such a relic I don't even remember those days ⌘ [Read more](https://mastodon.social/@campuscodi/112504327944579405) 2024-05-25T23:50:03Z ****
"On May 23, 2024 a threat actor posted the alleged stolen Medisecure data to underground forum, Exploit."

[https://cyberknow.substack.com/p/medisecure-data-posted-to-forum](https://cyberknow.substack.com/p/medisecure-data-posted-to-forum) ⌘ [Read more](https://mastodon.social/@campuscodi/112504406222865081) 2024-05-26T00:39:57Z ****
ESET has open-sourced a new tool named Nimfilt that can be used to analyze Nim (malware) binaries.

[https://www.welivesecurity.com/en/eset-research/introducing-nimfilt-reverse-engineering-tool-nim-compiled-binaries/](https://www.welivesecurity.com/en/eset-research/introducing-nimfilt-reverse-engineering-tool-nim-compiled-binaries/)

[https://github.com/eset/nimfilt](https://github.com/eset/nimfilt) ⌘ [Read more](https://mastodon.social/@campuscodi/112504602453558356) 2024-05-26T10:31:22Z ****
NCC Group has open-sourced a tool called Cranim that can be used to visualize and render cryptographic concepts

[https://github.com/nccgroup/manim-cranim](https://github.com/nccgroup/manim-cranim) ⌘ [Read more](https://mastodon.social/@campuscodi/112506928025687381) 2024-05-26T10:57:23Z ****
Does anyone know which of these companies had a major breach in Jan this year?

[https://en.wikipedia.org/wiki/Category:Companies\_based\_in\_Bergen\_County,\_New\_Jersey](https://en.wikipedia.org/wiki/Category:Companies_based_in_Bergen_County,_New_Jersey) ⌘ [Read more](https://mastodon.social/@campuscodi/112507030324185667) 2024-05-26T11:57:36Z ****
ITOCHU says the new BLOODALCHEMY malware is an evolved version of Deed RAT—itself a successor of ShadowPad.

The malware was spotted in the wild for the first time last year by Elastic's security team.

Elastic spotted the malware on the network of a Foreign Affairs Ministry from a member of the Association of Southeast Asian Nations (ASEAN)—so very likely, a Chinese APT op.

[https://blog-en.itochuci.co.jp/entry/2024/05/23/090000](https://blog-en.itochuci.co.jp/entry/2024/05/23/090000) ⌘ [Read more](https://mastodon.social/@campuscodi/112507267106204385) 2024-05-26T12:50:59Z ****
Google has published a blog post with some of the security features expected to arrive with Android 15 later this fall.

The major features include the addition of private spaces (a separate space on a user's device where they can keep sensitive apps away from prying eyes, under an additional layer of authentication) and improved background activity protections (so background apps can't bring apps to the foreground and abuse user interaction).

[https://android-developers.googleblog.com/2024/05/the-second-beta-of-a ... ⌘ [Read more](https://mastodon.social/@campuscodi/112507476992107769) 2024-05-26T12:50:38Z ****
In a landmark case, a US judge ruled that a cheating software vendor violated the copyright of Bungie, the maker of the Destiny game.

Since US courts work on precedent, this will allow even more companies to go after wallhack and cheat software vendors plaguing their games.

Unfortunately, this will likely impact legitimate gaming modders as well.

[https://www.pcgamer.com/gaming-industry/bungie-wins-a-little-walkin-around-money-in-first-of-its-kind-jury-trial-against-destiny-2-cheat-maker-but-the-victory-will ... ⌘ [Read more](https://mastodon.social/@campuscodi/112507475603374726) 2024-05-26T18:45:19Z ****
Russian security firm Positive Technologies has published more details about an APT it tracks as Hellhounds, which the company first spotted last year.

PT says the group has been active since 2021, operates the Decoy Dog malware, and has made at least 48 confirmed victims inside Russia.

[https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/](https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/) ⌘ [Read more](https://mastodon.social/@campuscodi/112508870311284937) 2024-05-26T20:27:22Z ****
ZenGo CTO Tal Be'ery has found an issue in WhatsApp that allows attackers to fingerprint a user's devices if the target has their account connected to multiple devices.

Meta declined to patch the reported issue.

[https://medium.com/@TalBeerySec/hi-meta-whatsapp-with-integrity-4d85756dd7c5](https://medium.com/@TalBeerySec/hi-meta-whatsapp-with-integrity-4d85756dd7c5) ⌘ [Read more](https://mastodon.social/@campuscodi/112509271540882448) 2024-05-26T20:25:28Z ****
The Rust Foundation says that 20% of all Rust packages (crates) use the "unsafe" keyword to run unsafe code and expose their code to attacks.

Rust developers say that most of the unsafe keyword usage is related to the loading of non-Rust language code or libraries, such as C or C++.

The package with the most uses of the unsafe keyword is the Windows crate, which allows Rust developers to call into various Windows APIs.

[https://foundation.rust-lang.org/news/unsafe-rust-in-the-wild-notes-on-the-current-state-o ... ⌘ [Read more](https://mastodon.social/@campuscodi/112509264089778342) 2024-05-27T09:17:07Z ****
And:

-PyLocky ransomware case in France to finally continue

-Vulnerabilities in MikroTik, ILIAS LMS, Replicate, Jenkins, WhatsApp

-POCs for Telesquare routers, Win10 EoP

-BLOODALCHEMY malware linked to ShadowPad

-Bugcrowd acquires Informer

-Shedding Zmiy APT linked to old Cobalt gang

-Hellhounds continues attacking Russia

-Report on the malware used in the MITRE hack

-A fifth of Rust crates use "unsafe" keyword

-Trump promises to pardon Ross Ulbricht for some reason

-ICQ to shut down on June 26 ⌘ [Read more](https://mastodon.social/@campuscodi/112512298341796117) 2024-05-27T09:12:25Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/](https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/)

Podcast: [https://risky.biz/RBNEWS293/](https://risky.biz/RBNEWS293/)

-Google distrusts GlobalTrust certs

-Spyware vendor pcTattletale hacked

-South Africa suspends child maintenance payments after hack

-Russian initial access broker charged in the US

-Optus to be investigated for 2022 hack

-MediSecure data sold online

-FHA adds new cybersecur ... ⌘ [Read more](https://mastodon.social/@campuscodi/112512279882626252) 2024-05-27T21:22:56Z ****
Security researchers have discovered a new Ransomware-as-a-Service advertised on underground hacking forums since February this year.

The new ransomware is named Synapse, and it contains code that spares Iranian systems from encryption.

According to security firm CyFirma, earlier this year, the Synapse group released a demo video to prove they built the fastest file-encrypting ransomware to date.

[https://www.cyfirma.com/research/synapse-ransomware-technical-analysis/](https://www.cyfirma.com/research/synapse ... ⌘ [Read more](https://mastodon.social/@campuscodi/112515152368833044) 2024-05-27T21:21:52Z ****
Security researcher Wang Tielen has published a PoC for CVE-2024-27842, a vulnerability patched this month by Apple that allows macOS apps to run arbitrary code with kernel privileges.

[https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842](https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842) ⌘ [Read more](https://mastodon.social/@campuscodi/112515148149790257) 2024-05-27T22:22:37Z ****
The Internet Archive, the organization behind the Wayback Machine, fell under a DDoS attack on Monday ⌘ [Read more](https://mastodon.social/@campuscodi/112515387066590337) 2024-05-27T23:20:23Z ****
Thanks to that stupid EU cookie bs, the Wayback Machine is now capturing those popups instead of a site's content ⌘ [Read more](https://mastodon.social/@campuscodi/112515614192089334) 2024-05-28T11:12:07Z ****
The FBI estimates that the Scattered Spider cybercrime group has almost 1,000 members.

Speaking at a security conference last week, the FBI described the group as "very, very large" and claimed that many of the group's members don't know each other.

[https://cyberscoop.com/potent-youth-cybercrime-ring-made-up-of-1000-people-fbi-official-says/](https://cyberscoop.com/potent-youth-cybercrime-ring-made-up-of-1000-people-fbi-official-says/) ⌘ [Read more](https://mastodon.social/@campuscodi/112518412838012335) 2024-05-28T12:11:38Z ****
The creator of the Python programming language, Guido van Rossum, has dropped ownership of the CPython core code interpreter.

[https://github.com/python/cpython/pull/119611](https://github.com/python/cpython/pull/119611)

Code ownership is now being passed to Microsoft's Mark Shannon and one of the project's three initial members.

[https://www.linkedin.com/in/mark-shannon-bb459551/](https://www.linkedin.com/in/mark-shannon-bb459551/) ⌘ [Read more](https://mastodon.social/@campuscodi/112518646916333823) 2024-05-28T14:15:29Z ****
Security firm Shelltrail has published a three-part write-up on two vulnerabilities (CVE-2024-36036 & CVE-2024-36037) in ManageEngine ADAudit Plus, a product used for real-time monitoring of Active Directory, Windows file servers, and Windows configuration change auditing.

[https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/](https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2 ... ⌘ [Read more](https://mastodon.social/@campuscodi/112519133872878587) 2024-05-28T14:14:43Z ****
Chinese security firm QiAnXin has published a report on Kiteshield, an open-source packer for Linux ELF binaries that is currently abused in the wild by multiple threat actors targeting Linux infrastructure.

[https://blog.xlab.qianxin.com/kiteshield\_packer\_is\_being\_abused\_by\_linux\_cyber\_threat\_actors/](https://blog.xlab.qianxin.com/kiteshield_packer_is_being_abused_by_linux_cyber_threat_actors/)

[https://github.com/GunshipPenguin/kiteshield](https://github.com/GunshipPenguin/kiteshield) ⌘ [Read more](https://mastodon.social/@campuscodi/112519130905356071) 2024-05-28T16:19:33Z ****
Ransomware attack hits Russian delivery service CDEK

[https://www.vedomosti.ru/business/articles/2024/05/28/1039828-prichinoi-sboya-v-rabote-sdek-mog-stat-virus-shifrovalschik](https://www.vedomosti.ru/business/articles/2024/05/28/1039828-prichinoi-sboya-v-rabote-sdek-mog-stat-virus-shifrovalschik) ⌘ [Read more](https://mastodon.social/@campuscodi/112519621746544229) 2024-05-28T16:43:14Z ****
[North Korean APT group] "Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new custom ransomware."

[https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/](https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of- ... ⌘ [Read more](https://mastodon.social/@campuscodi/112519714892723384) 2024-05-28T18:20:02Z ****
Sysdig documents Rebirth, a DDoS service catering for the gaming community... mostly CoD Warzone

[https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/](https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/) ⌘ [Read more](https://mastodon.social/@campuscodi/112520095471262669) 2024-05-28T19:37:40Z ****
The Rwandan government has deployed the NSO Group's Pegasus spyware against past political opponents, its own ministers, and even the family of a former presidential candidate.

Reporters from Forbidden Stories discovered the attacks in a leaked list of phone numbers targeted with Pegasus spyware.

According to the same reporters, Rwandan officials had access to Pegasus between 2017 and 2021, after which its contract was not extended.

[https://forbiddenstories.org/pegasus-in-rwanda-sister-of-presidential-candi ... ⌘ [Read more](https://mastodon.social/@campuscodi/112520400740200404) 2024-05-28T19:42:29Z ****
The US has sanctioned the operators of the 911 S5 proxy botnet (two residents of Singapore and one of Thailand):

-Yunhe Wang

-Jingping Liu

-Yanni Zhen

[https://home.treasury.gov/news/press-releases/jy2375](https://home.treasury.gov/news/press-releases/jy2375)

[https://ofac.treasury.gov/recent-actions/20240528\_33](https://ofac.treasury.gov/recent-actions/20240528_33)

No DOJ indictment so far! ⌘ [Read more](https://mastodon.social/@campuscodi/112520419678585706) 2024-05-28T21:46:47Z ****
OpenAI has established a Safety and Security Committee to advise its leadership on critical safety and security decisions for OpenAI projects.

The major infosec name on the committee is former NSA Director of Cybersecurity Rob Joyce, who will serve as a consultant.

[https://openai.com/index/openai-board-forms-safety-and-security-committee/](https://openai.com/index/openai-board-forms-safety-and-security-committee/) ⌘ [Read more](https://mastodon.social/@campuscodi/112520908500664912) 2024-05-29T10:06:06Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-ir-reports-are-not-protected-documents-multiple-judges-rule/](https://news.risky.biz/risky-biz-news-ir-reports-are-not-protected-documents-multiple-judges-rule/)

Podcast: [https://risky.biz/RBNEWS294/](https://risky.biz/RBNEWS294/)

-IR reports are not protected documents, multiple judges rule

-US sanctions Chinese nationals behind 911S5 proxy botnet

-MediSecure asks for a government bailout

-Check Point VPNs are under attack

-Ransomware hits Russian delive ... ⌘ [Read more](https://mastodon.social/@campuscodi/112523815551887654) 2024-05-29T10:12:23Z ****
Plus:

-Thailand launches Cyber Command unit

-US govt agencies to adopt RPKI

-Scattered Spider membership estimated ~1K

-New NL NCSC head

-Anatsa malware found on the Play Store

-Malware reports on Kiteshield Packer and Rebirth botnet

-Synapse ransomware avoids Iranian systems

-APT reports on Sapphire Werewolf, Blind Eagle, Moonstone Sleet

-PoCs released for Apple, FortiSIEM bugs

-Major RCE in TP-Link gaming routers

-Internet Archive under DDoS attack ⌘ [Read more](https://mastodon.social/@campuscodi/112523840269983328) 2024-05-30T00:24:04Z ****
The attacks are related to a security advisory it released earlier this week, where it warned about mysterious attacks on its VPN products. ⌘ [Read more](https://mastodon.social/@campuscodi/112527189249607588) 2024-05-30T00:23:43Z ****
Check Point has released a security update to patch a zero-day exploited in its VPN and security appliances.

Tracked as CVE-2024-24919, the zero-day is an information disclosure that allows threat actors to retrieve data from appliances.

[https://support.checkpoint.com/results/sk/sk182336](https://support.checkpoint.com/results/sk/sk182336)

Security firm Mnemonic says it observed threat actors use the vulnerability to enumerate and extract password hashes, including the accounts used to connect to Active Direc ... ⌘ [Read more](https://mastodon.social/@campuscodi/112527187840650125) 2024-05-30T01:04:29Z ****
Netflix says it has now awarded more than $1 million to security researchers via its bug bounty program

[https://netflixtechblog.medium.com/a-whistledown-exclusive-netflixs-journey-to-one-million-in-bug-bounty-and-beyond-9087ffebc3e1](https://netflixtechblog.medium.com/a-whistledown-exclusive-netflixs-journey-to-one-million-in-bug-bounty-and-beyond-9087ffebc3e1) ⌘ [Read more](https://mastodon.social/@campuscodi/112527348165974774) 2024-05-30T09:01:25Z ****
A coalition of international law enforcement agencies have taken down servers from multiple malware-loader botnets

Listed "victims" include:

-IcedID

-SystemBC

-Pikabot

-Smokeloader

-Bumblebee

-Trickbot

LEA calls the campaign Operation Endgame: [https://operation-endgame.com/](https://operation-endgame.com/)

Europol: [https://www.europol.europa.eu/media-press/newsroom/news/largest-ever-operation-against-botnets-hits-dropper-malware-ecosystem](https://www.europol.europa.eu/media-press/newsroom/news/larges ... ⌘ [Read more](https://mastodon.social/@campuscodi/112529223559738366) 2024-05-30T10:40:34Z ****
HN Security has found three vulnerabilities in the Eclipse ThreadX real-time operating system—formerly known as the Microsoft Azure RTOS (before it was transferred over to the Eclipse Foundation).

[https://security.humanativaspa.it/multiple-vulnerabilities-in-eclipse-threadx/](https://security.humanativaspa.it/multiple-vulnerabilities-in-eclipse-threadx/) ⌘ [Read more](https://mastodon.social/@campuscodi/112529613411293643) 2024-05-30T12:10:50Z ****
Something from yesterday: the US arrested one of the 911 S5 botnet admins and disrupted their botnet:

[https://www.youtube.com/watch?v=ltDurBG7vlE](https://www.youtube.com/watch?v=ltDurBG7vlE)

[https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation](https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation) ⌘ [Read more](https://mastodon.social/@campuscodi/112529968389151834) 2024-05-30T12:17:10Z ****
Microsoft plans to deprecate TLS server authentication certificates with 1024-bit RSA keys by the end of the year.

[https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-server-authentication-deprecation-of-weak-rsa-certificates/ba-p/4134028](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-server-authentication-deprecation-of-weak-rsa-certificates/ba-p/4134028) ⌘ [Read more](https://mastodon.social/@campuscodi/112529993291134809) 2024-05-30T12:46:54Z ****
Japanese authorities have arrested a 25-year-old man for allegedly creating ransomware using generative AI tools

[https://japannews.yomiuri.co.jp/society/crime-courts/20240528-188598/](https://japannews.yomiuri.co.jp/society/crime-courts/20240528-188598/) ⌘ [Read more](https://mastodon.social/@campuscodi/112530110178855633) 2024-05-30T13:09:29Z ****
New LilacSquid APT

[https://blog.talosintelligence.com/lilacsquid/](https://blog.talosintelligence.com/lilacsquid/) ⌘ [Read more](https://mastodon.social/@campuscodi/112530198977118934) 2024-05-30T13:57:32Z ****
The US National Institute of Standards and Technology says it hired a new contractor to help the agency deal with the backlog of unprocessed entries in the National Vulnerability Database.

NIST staff slowed down the pace of new NVD entries in mid-February, citing a need to re-organize and the increasing volume of vulnerabilities.

The agency now says it expects the backlog to be cleared by the end of the fiscal year.

[https://www.nist.gov/itl/nvd](https://www.nist.gov/itl/nvd) ⌘ [Read more](https://mastodon.social/@campuscodi/112530387946440208) 2024-05-30T14:25:23Z ****
A malware strain named Chalubo wiped more than 600,000 ActionTec routers at the end of last year

Lumen report here: [https://blog.lumen.com/the-pumpkin-eclipse/](https://blog.lumen.com/the-pumpkin-eclipse/)

Lumen doesn't name the victim, but based on my amateurish OSINT skills, this looks like a US telco (if someone else can confirm plz ![:clippy:](https://files.mastodon.social/custom_emojis/images/000/361/360/original/1e6837de9d441a3e.png) ) ⌘ [Read more](https://mastodon.social/@campuscodi/112530497458829436) 2024-05-30T14:22:27Z ****
Home-made bomb explodes in an apartment in Romania.

It's unclear what the bomb was for, but this comes after Romanian authorities detained a man suspected of espionage on behalf of Russia and as Russian sabotage efforts are intensifying across Europe.

[https://stirileprotv.ro/stiri/actualitate/cine-este-barbatul-mort-in-timp-ce-construia-o-bomba-in-casa-la-fetesti-zse-uita-pe-youtube-cum-sa-si-faca-bombe.html](https://stirileprotv.ro/stiri/actualitate/cine-este-barbatul-mort-in-timp-ce-construia-o-bomba-in-casa ... ⌘ [Read more](https://mastodon.social/@campuscodi/112530485885709471) 2024-05-30T16:35:19Z ****
According to the FBI, commercial VPN solutions that used the 911 S5 botnet infrastructure include MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN

[https://www.ic3.gov/Media/Y2024/PSA240529](https://www.ic3.gov/Media/Y2024/PSA240529) ⌘ [Read more](https://mastodon.social/@campuscodi/112531008376757943) 2024-05-30T18:00:10Z ****
The European Court of Human Rights (ECHR) has ruled that a Polish surveillance law violates the European Convention on Human Rights.

The ECHR ruled that Poland's secret surveillance program violated the personal privacy of its targets and did not provide an avenue of appeal.

The court also found the program did not undergo reviews by an independent body and was subject to political influence.

[https://notesfrompoland.com/2024/05/29/polish-surveillance-law-violates-human-rights-rules-european-court/](https://n ... ⌘ [Read more](https://mastodon.social/@campuscodi/112531341989926849) 2024-05-30T17:59:13Z ****
Activision has won a lawsuit against EngineOwning, a company that makes cheats for Call of Duty games.

The judge awarded Activision a default judgement of $14.4 million and has ordered EngineOwning to stop making cheats and turn over its website to Activision.

[https://www.theverge.com/2024/5/29/24166932/activision-call-of-duty-cheat-creator-lawsuit-engineowning](https://www.theverge.com/2024/5/29/24166932/activision-call-of-duty-cheat-creator-lawsuit-engineowning) ⌘ [Read more](https://mastodon.social/@campuscodi/112531338292894495) 2024-05-30T18:05:03Z ****
WatchTowr Labs has published a write-up on that Check Point zero-day from yesterday

[https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/](https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/) ⌘ [Read more](https://mastodon.social/@campuscodi/112531361216204203) 2024-05-30T18:14:28Z ****
US authorities have issued an arrest warrant for an 18-year-old student for launching cyberattacks that disrupted the STAAR online exams in the state of Texas

[https://www.houstonchronicle.com/neighborhood/spring-klein/article/klein-cyberattack-staar-testing-19481598.php](https://www.houstonchronicle.com/neighborhood/spring-klein/article/klein-cyberattack-staar-testing-19481598.php) ⌘ [Read more](https://mastodon.social/@campuscodi/112531398201514002) 2024-05-30T18:14:06Z ****
Indian authorities have arrested five suspects on charges of trafficking unwitting job seekers into Southeast Asian scam compounds

[https://therecord.media/india-arrests-human-trafficking-southeast-asia-scam-compounds](https://therecord.media/india-arrests-human-trafficking-southeast-asia-scam-compounds) ⌘ [Read more](https://mastodon.social/@campuscodi/112531396774523354) 2024-05-30T18:30:17Z ****
OpenAI says it disrupted five influence networks that were using its systems for info-ops

[https://openai.com/index/disrupting-deceptive-uses-of-AI-by-covert-influence-operations/](https://openai.com/index/disrupting-deceptive-uses-of-AI-by-covert-influence-operations/) ⌘ [Read more](https://mastodon.social/@campuscodi/112531460447684401) 2024-05-30T19:00:09Z ****
Cloudflare has shut down accounts on its platform used by a Russian threat actor known as FlyingYeti to launch phishing attacks on Ukrainian users and organizations.

[https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine](https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine) ⌘ [Read more](https://mastodon.social/@campuscodi/112531577861196898) 2024-05-30T19:38:21Z ****
Recorded Future has published a report on a cyber-espionage campaign carried out by Russian APT group BlueDelta that primarily targeted Ukrainian and European organizations with a tangent to Russia's war in Ukraine.

The final payload in this campaign was the Headlace infostealer.

The campaign started in late 2023 and is ongoing.

[https://www.recordedfuture.com/grus-bluedelta-targets-key-networks-in-europe-with-multi-phase-espionage-camp](https://www.recordedfuture.com/grus-bluedelta-targets-key-networks-in-eu ... ⌘ [Read more](https://mastodon.social/@campuscodi/112531728049979421) 2024-05-30T19:56:09Z ****
Microsoft not saying a peep about the Recall privacy scandal is a huge tell of how much the company is focused on security

We should have had a statement by now that Recall is either re-engineered or removed ⌘ [Read more](https://mastodon.social/@campuscodi/112531798077870646) 2024-05-30T20:24:49Z ****
"Merry-Go-Round is the name HUMAN researchers have given to two independent rings of websites that operate and redirect traffic among each other in pop-under tabs, racking up digital ad impressions that are concealed from the user."

[https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-merry-go-round-conceals-ads-from-users-and-brands](https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-merry-go-round-conceals-ads-from-users-and-brands) ⌘ [Read more](https://mastodon.social/@campuscodi/112531910799124720) 2024-05-31T10:04:23Z ****
Plus:

-Okta discloses cred-stuffing attacks

-Cloudflare disrupts FlyingYeti operations

-Malware reports on Ov3r\_Stealer, AllaSenha, Cuckoo, CryptoChameleon, RedTail

-New Merry-Go-Round ad fraud scheme

-APT report on Andariel, LightSpy, LilacSquid, APT41, BlueDelta

-OpenAI and Meta disrupt influence networks

-NIST backlog expected to be fixed by end of year

-MinMax CMS secret backdoor

-Security updates for ASUS, XZ-Utils, TeamCity

-Docker blocked in Russia

-Cloudflare buys BastionZero ⌘ [Read more](https://mastodon.social/@campuscodi/112535133447454121) 2024-05-31T10:00:13Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-law-enforcement-disrupts-six-malware-botnets/](https://news.risky.biz/risky-biz-news-law-enforcement-disrupts-six-malware-botnets/)

Podcast: [https://risky.biz/RBNEWS295/](https://risky.biz/RBNEWS295/)

-Law enforcement disrupts six malware botnets

-Check Point patches zero-day

-ISP loses 600,000 routers in data-wiping attack

-Poland's secret surveillance program deemed illegal

-Pegasus used against RU&BE independent journalists

-Israel accused of hacking ... ⌘ [Read more](https://mastodon.social/@campuscodi/112535117063740013) 2024-06-01T18:10:54Z ****
Japanese crypto exchange DMM Bitcoin hacked for $305 million

[https://bitcoin-dmm-com.translate.goog/news/20240531\_01?\_x\_tr\_sl=auto&\_x\_tr\_tl=en&\_x\_tr\_hl=en&\_x\_tr\_pto=wapp](https://bitcoin-dmm-com.translate.goog/news/20240531_01?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp) ⌘ [Read more](https://mastodon.social/@campuscodi/112542708850858312) 2024-06-01T18:45:03Z ****
Does anyone know an alternative for Old Dominion's website carbon-dating tool?

Seems to be dead for a few days now: [https://carbondate.cs.odu.edu/](https://carbondate.cs.odu.edu/) ⌘ [Read more](https://mastodon.social/@campuscodi/112542843130468054) 2024-06-01T22:30:47Z ****
IoT search engine Censys is seeing almost 14,000 Check Point security gateways connected to the internet: [https://censys.com/cve-2024-24919/](https://censys.com/cve-2024-24919/)

The devices may be vulnerable to CVE-2024-24919, a zero-day in the company's devices that was patched last week: [https://support.checkpoint.com/results/sk/sk182336](https://support.checkpoint.com/results/sk/sk182336) ⌘ [Read more](https://mastodon.social/@campuscodi/112543730743663032) 2024-06-01T22:35:06Z ****
Talks from the Disobey 2024 security conference, which took place in February in Helsinki, are available on YouTube

[https://www.youtube.com/playlist?list=PLLvAhAn5sGfiB9AlEt2KD7H9Dnr6kbd64](https://www.youtube.com/playlist?list=PLLvAhAn5sGfiB9AlEt2KD7H9Dnr6kbd64) ⌘ [Read more](https://mastodon.social/@campuscodi/112543747724799242) 2024-06-02T14:48:27Z ****
We now have a Crypto ISAC, and with some respectable founding members too

[https://www.cryptoisac.org/news-member-content/crypto-isac-launches-to-spearhead-ecosystem-wide-security-initiatives](https://www.cryptoisac.org/news-member-content/crypto-isac-launches-to-spearhead-ecosystem-wide-security-initiatives) ⌘ [Read more](https://mastodon.social/@campuscodi/112547575081786306) 2024-06-02T16:21:32Z ****
AI platform Hugging Face discloses security breach

[https://huggingface.co/blog/space-secrets-disclosure](https://huggingface.co/blog/space-secrets-disclosure) ⌘ [Read more](https://mastodon.social/@campuscodi/112547941063898194) 2024-06-02T22:41:56Z ****
The German government is investigating a cyber attack on the country's leading party, the German Christian Democrats (CDU).

The country's Interior Ministry described the incident as "serious" and said teams have taken down affected systems.

[https://www.dw.com/en/germany-major-hack-targets-center-right-cdu-party/a-69242147](https://www.dw.com/en/germany-major-hack-targets-center-right-cdu-party/a-69242147) ⌘ [Read more](https://mastodon.social/@campuscodi/112549436884326034) 2024-06-02T22:41:29Z ****
Oil and gas giant Shell is investigating a security breach after a threat actor began advertising the company's data on a hacking forum

[https://www.ctvnews.ca/business/shell-investigating-a-potential-cybersecurity-incident-1.6907509](https://www.ctvnews.ca/business/shell-investigating-a-potential-cybersecurity-incident-1.6907509)

[https://mastodon.social/@DarkWebInformer@infosec.exchange/112524701891915782](https://mastodon.social/@DarkWebInformer@infosec.exchange/112524701891915782) ⌘ [Read more](https://mastodon.social/@campuscodi/112549435109260789) 2024-06-03T17:04:44Z ****
Local and EU Parliament elections are set to take place in Romania over the weekend and social media is flooded with ads spreading the most blatant fakes and lies.

Here's the catch... you can't report any of them unless the ads have violated "copyright" or something.

Nice job social media companies. You literally had one job!

Example: [https://www.hotnews.ro/stiri-esential-27183752-filiera-psd-furnizat-presei-document-care-sustine-elevul-nicusor-dan-colaborat-securitatea-cand-avea-17-ani-dat-note-despre-coleg ... ⌘ [Read more](https://mastodon.social/@campuscodi/112553773253378944) 2024-06-04T01:34:41Z ****
Mobile operating system GrapheneOS is adding support for a duress password.

The feature will allow users to set a special password that deletes all their data when entered.

GrapheneOS says the duress-initiated wipe does not require a reboot and cannot be interrupted.

[https://grapheneos.org/features#duress](https://grapheneos.org/features#duress) ⌘ [Read more](https://mastodon.social/@campuscodi/112555778483186374) 2024-06-04T08:45:24Z ****
QNAP says it will stop using a device's MAC address as its default password.

Going forward, the company will use a cloud app named Cloud Key and data from the device's label to provide new users access to their devices.

[https://www.qnap.com/en/news/2024/qnap-enhances-nas-initialization-process-switches-to-cloud-key-as-default-password-for-improved-security](https://www.qnap.com/en/news/2024/qnap-enhances-nas-initialization-process-switches-to-cloud-key-as-default-password-for-improved-security) ⌘ [Read more](https://mastodon.social/@campuscodi/112557472100243829) 2024-06-04T08:44:47Z ****
HIBP has recently indexed more than 361 million email addresses that a security researcher scraped from Telegram channels.

There's no Telegram leak. These are emails shared inside Telegram groups and channels—typically in ones advertising hacked data. That's quite a lot if I'm being honest!

[https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/](https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/) ⌘ [Read more](https://mastodon.social/@campuscodi/112557469677446578) 2024-06-04T09:10:39Z ****
Sekoia has published a report on the now-seized PikaBot malware loader botnet.

Sekoia was one of the companies that participated in Europol's Operation Endgame, which took down the botnet last week.

The report looks at PikaBot's history since it launched in February 2023.

[https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/](https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/) ⌘ [Read more](https://mastodon.social/@campuscodi/112557571393159924) 2024-06-04T14:23:47Z ****
The government of Canada's British Columbia region says a recent state-sponsored hack of its IT systems "hit 22 email boxes containing sensitive information about 19 people."

[https://www.cbc.ca/news/canada/british-columbia/farnworth-cybersecurity-attack-security-1.7223125](https://www.cbc.ca/news/canada/british-columbia/farnworth-cybersecurity-attack-security-1.7223125) ⌘ [Read more](https://mastodon.social/@campuscodi/112558802699910325) 2024-06-04T15:40:04Z ****
CISA has updated its KEV database with a new vulnerability currently actively exploited in the wild, a 2017 Oracle WebLogic command injection tracked as CVE-2017-3506.

Chances this is used for crypto-mining... over 90% ![:nigmathink:](https://files.mastodon.social/custom_emojis/images/000/016/596/original/nigmathink.png)

[https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog](https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulner ... ⌘ [Read more](https://mastodon.social/@campuscodi/112559102635496116) 2024-06-04T15:39:33Z ****
PQShield cryptography security analyst Antoon Purnal has published a proof-of-concept named ClangOver that exploits a timing leak in the reference implementation of Kyber (ML-KEM), the soon-to-be NIST standard for post-quantum key encapsulation.

[https://github.com/antoonpurnal/clangover](https://github.com/antoonpurnal/clangover)

Later edit:

Forgot the blog post link: [https://pqshield.com/pqshield-plugs-timing-leaks-in-kyber-ml-kem-to-improve-pqc-implementation-maturity/](https://pqshield.com/pqshield-plugs ... ⌘ [Read more](https://mastodon.social/@campuscodi/112559100622413273) 2024-06-04T16:09:54Z ****
Some infosec reports from the past days:

Abnormal Security: [https://abnormalsecurity.com/resources/state-of-cloud-account-takeover-attacks](https://abnormalsecurity.com/resources/state-of-cloud-account-takeover-attacks)

Akamai: [https://www.au10tix.com/landing/q1-2024-global-identity-fraud-report/](https://www.au10tix.com/landing/q1-2024-global-identity-fraud-report/)

AU10TIX: [https://www.au10tix.com/landing/q1-2024-global-identity-fraud-report/](https://www.au10tix.com/landing/q1-2024-global-identity-fraud ... ⌘ [Read more](https://mastodon.social/@campuscodi/112559219935699320) 2024-06-04T16:31:40Z ****
Apparently related to this: [https://www.england.nhs.uk/london/2024/06/04/nhs-london-statement-on-synnovis-ransomware-cyber-attack/](https://www.england.nhs.uk/london/2024/06/04/nhs-london-statement-on-synnovis-ransomware-cyber-attack/) ⌘ [Read more](https://mastodon.social/@campuscodi/112559305583483390) 2024-06-04T16:25:46Z ****
A cyber attack has forced three major UK hospitals to cancel operations and redirect emergency patients to other nearby care facilities.

According to Metro, the incident has impacted transplant surgeries and blood transfusion centers.

[https://metro.co.uk/2024/06/04/cyber-attack-forces-three-major-hospitals-cancel-operations-20968948/](https://metro.co.uk/2024/06/04/cyber-attack-forces-three-major-hospitals-cancel-operations-20968948/) ⌘ [Read more](https://mastodon.social/@campuscodi/112559282336431893) 2024-06-04T16:45:32Z ****
Just look at this chart!

What are we doing JS developers?

How tf do you have 1,400 dependencies in a project?

Do we actually code anymore or are we just playing with legos at this point? ⌘ [Read more](https://mastodon.social/@campuscodi/112559360050332521) 2024-06-04T16:44:09Z ****
From this report: [https://mastodon.social/@ravirockks@infosec.exchange/112555805013166419](https://mastodon.social/@ravirockks@infosec.exchange/112555805013166419)

"Including any given PHP library has a greater than 50% chance of bringing a security flaw along with it."

kek 😆 ⌘ [Read more](https://mastodon.social/@campuscodi/112559354659802115) 2024-06-04T16:54:30Z ****
The Bian Lian ransomware gang has taken credit for a ransomware attack on Northern Minerals, one of Australia's largest rare-earth mining companies.

Northern Minerals has confirmed the incident in a filing with the Australian Securities Exchange.

PDF: [https://cdn-api.markitdigital.com/apiman-gateway/ASX/asx-research/1.0/file/2924-02814126-6A1210386](https://cdn-api.markitdigital.com/apiman-gateway/ASX/asx-research/1.0/file/2924-02814126-6A1210386)

Coverage: [https://www.cyberdaily.au/security/10662-exclusive ... ⌘ [Read more](https://mastodon.social/@campuscodi/112559395364364957) 2024-06-04T17:15:51Z ****
Security researcher Alexander Hagenah has released TotalRecall, a tool that extracts and displays data from the Recall feature in Windows 11.

[https://github.com/xaitax/TotalRecall](https://github.com/xaitax/TotalRecall) ⌘ [Read more](https://mastodon.social/@campuscodi/112559479294594886) 2024-06-04T18:22:00Z ****
Talks from the OffensiveCon24 security conference, which took place at the start of May in Berlin, are available on YouTube:

[https://www.youtube.com/playlist?list=PLYvhPWR\_XYJlg1SfcKdZY6eXUTPPqnh\_G](https://www.youtube.com/playlist?list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G) ⌘ [Read more](https://mastodon.social/@campuscodi/112559739432931149) 2024-06-04T18:38:08Z ****
The Android red team has a blog:

[https://androidoffsec.withgoogle.com](https://androidoffsec.withgoogle.com) ⌘ [Read more](https://mastodon.social/@campuscodi/112559802811754712) 2024-06-04T20:48:42Z ****
A Zero Day TikTok Hack Is Taking Over Celebrity And Brand Accounts

[https://www.forbes.com/sites/emilybaker-white/2024/06/04/a-zero-day-tiktok-hack-is-taking-over-celebrity-and-brand-accounts/?sh=334144b6060a](https://www.forbes.com/sites/emilybaker-white/2024/06/04/a-zero-day-tiktok-hack-is-taking-over-celebrity-and-brand-accounts/?sh=334144b6060a) ⌘ [Read more](https://mastodon.social/@campuscodi/112560316230415206) 2024-06-05T09:17:53Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-the-linux-cna-mess/](https://news.risky.biz/risky-biz-news-the-linux-cna-mess/)

Podcast: [https://risky.biz/RB297a/](https://risky.biz/RB297a/)

-The Linux CNA mess you didn't know about

-TikTok zero-day used to hack high-profile accounts

-New APT targets China

-Hungary's ruling party boycotts Russian hack investigation

-Australian rare-earth mining company hit by ransomware attack

-GrapheneOS adds duress password

-Denmark raises cyber threat level

-Whit ... ⌘ [Read more](https://mastodon.social/@campuscodi/112563262186355540) 2024-06-05T09:23:26Z ****
Plus:

-APT reports on APT28, APT29, UAC-0900

-Malware reports on DarkGate, PikaBot, Vidar

-New V3B PhaaS

-QNAP changes default passwords on its NASs

-Google to track Drive API changes now to fight abuse

-noyb files complaint against Microsoft 365 Education

-Microsoft removes local account install support on Win11

-Data broker execs convicted

-Android security updates

-Zyxel removes "NsaRescueAngel" backdoor account (lol)

-OpenSSL security audit

-ClangOver attack on ML-KEM

-OffensiveCon24 videos ⌘ [Read more](https://mastodon.social/@campuscodi/112563284007599952) 2024-06-06T10:04:33Z ****
Cisco has rolled out patches for the Webex application to fix a bug that allowed unauthorized access to Webex meetings and metadata information.

The company says the bugs were exploited by security researchers at the end of May.

Cisco is notifying customers who had their data collected during the research.

[https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-june-2024](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-june-202 ... ⌘ [Read more](https://mastodon.social/@campuscodi/112569108002315205) 2024-06-06T10:04:12Z ****
Eugenio Benincasa, a Cyber Defense Researcher at the Technical University of Zurich (ETH Zurich), has published a 74-page paper on the connections between China's hacking contests and bug bounty platforms and the country's offensive cyber capabilities.

PDF: [https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/CyberDefenseReport\_%20From%20Vegas%20to%20Chengdu.pdf](https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber ... ⌘ [Read more](https://mastodon.social/@campuscodi/112569106598801396) 2024-06-06T10:19:39Z ****
Attacks using CVE-2024-4358 have been observed against Progress Telerik Report Servers

[https://mastodon.social/@shadowserver@infosec.exchange/112568641147622840](https://mastodon.social/@shadowserver@infosec.exchange/112568641147622840)

Attacks began after PoC was published online earlier this week: [https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/](https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/) ⌘ [Read more](https://mastodon.social/@campuscodi/112569167315723515) 2024-06-06T10:49:36Z ****
Cisco under investigation in Romania for allegedly rigging some public IT tenders

RO: [https://economie.hotnews.ro/stiri-telecom-27191430-reactia-cisco-dupa-hotnews-scris-vizata-investigatia-privind-posibila-trucare-unor-licitatii-romania.htm](https://economie.hotnews.ro/stiri-telecom-27191430-reactia-cisco-dupa-hotnews-scris-vizata-investigatia-privind-posibila-trucare-unor-licitatii-romania.htm)

GT: [https://economie-hotnews-ro.translate.goog/stiri-telecom-27191430-reactia-cisco-dupa-hotnews-scris-vizata-inv ... ⌘ [Read more](https://mastodon.social/@campuscodi/112569285122609698) 2024-06-06T11:01:47Z ****
A Chinese cybercrime group is targeting websites built using the ThinkPHP framework in attacks designed to install a new web shell named Dama.

The attacks exploit two old 2018 and 2019 vulnerabilities in the framework, mostly used by Chinese-speaking developers.

Akamai says the attacks started last October and are ongoing.

The company couldn't say what the final payload was (i.e., cryptomining, proxy bot, DDoS, etc.).

[https://www.akamai.com/blog/security-research/2024/jun/2024-thinkphp-applications-exploit- ... ⌘ [Read more](https://mastodon.social/@campuscodi/112569333002081397) 2024-06-06T11:34:39Z ****
BI.ZONE's report on the Sapphire Werewolf APT is now available in English:

[https://bi-zone.medium.com/sapphire-werewolf-polishes-amethyst-stealer-to-attack-over-300-companies-b547e8b76109](https://bi-zone.medium.com/sapphire-werewolf-polishes-amethyst-stealer-to-attack-over-300-companies-b547e8b76109) ⌘ [Read more](https://mastodon.social/@campuscodi/112569462246074140) 2024-06-06T11:28:23Z ****
South Korean security firm AhnLab has spotted a spear-phishing campaign that tries to bypass security defenses by asking users to copy-paste malicious PowerShell commands in their Windows Run prompt.

[https://asec.ahnlab.com/en/66300/](https://asec.ahnlab.com/en/66300/) ⌘ [Read more](https://mastodon.social/@campuscodi/112569437589858125) 2024-06-06T11:44:09Z ****
The Daixin ransomware team claims to have breached the Dubai municipal government

[https://databreaches.net/2024/06/05/daixin-team-claims-to-have-breached-the-dubai-municipality/](https://databreaches.net/2024/06/05/daixin-team-claims-to-have-breached-the-dubai-municipality/) ⌘ [Read more](https://mastodon.social/@campuscodi/112569499605492878) 2024-06-06T13:33:59Z ****
Privacy organization noyb has asked data protection agencies in 11 EU countries to investigate Meta for its plan to use Facebook user data to train its AI

[https://noyb.eu/en/noyb-urges-11-dpas-immediately-stop-metas-abuse-personal-data-ai](https://noyb.eu/en/noyb-urges-11-dpas-immediately-stop-metas-abuse-personal-data-ai) ⌘ [Read more](https://mastodon.social/@campuscodi/112569931515193851) 2024-06-06T14:17:35Z ****
(2/2)

The campaign launched a month after the Hamas October 7 attack and targeted at least 128 members of the US Congress. According to disinformation experts, social media accounts controlled by STOIC targeted US lawmakers with pro-Israeli propaganda and anti-Arab views. STOIC's campaign was also spotted and disrupted by Meta and OpenAI earlier this month.

PDF: [https://fakereporter.net/pdf/pro-Israeli\_influence\_network-new\_findings-0624.pdf](https://fakereporter.net/pdf/pro-Israeli_influence_network-new_f ... ⌘ [Read more](https://mastodon.social/@campuscodi/112570102955012390) 2024-06-06T14:16:51Z ****
According to reports from the New York Times and Haaretz, the Israel Ministry of Diaspora Affairs paid a private company named STOIC $2 million for a social media influence campaign that targeted US politicians. (1/2)

[https://www.nytimes.com/2024/06/05/technology/israel-campaign-gaza-social-media.html](https://www.nytimes.com/2024/06/05/technology/israel-campaign-gaza-social-media.html)

[https://www.nytimes.com/2024/06/05/technology/israel-campaign-gaza-social-media.html](https://www.nytimes.com/2024/06/05/te ... ⌘ [Read more](https://mastodon.social/@campuscodi/112570100081791150) 2024-06-06T14:53:51Z ****
Positive Technologies has published a report on ExCobalt, a former cybercrime group that is now conducting cyber-espionage operations against Russian targets. The group's latest attacks involved the use of a Go-based backdoor named GoRed.

[https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/preview/ex-cobalt-go-red-tehnika-skrytogo-tunnelya/](https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/preview/ex-cobalt-go-red-tehnika-skrytogo-tunnelya/)

ExCobalt appears to be related ... ⌘ [Read more](https://mastodon.social/@campuscodi/112570245516235658) 2024-06-06T15:03:42Z ****
A team of Chinese academics has discovered a security flaw in the design of RISC-V SonicBOOM processors: [https://www.nwpu.edu.cn/info/1198/86148.htm](https://www.nwpu.edu.cn/info/1198/86148.htm)

Technical details are available here:

[https://mp.weixin.qq.com/s/ke8tBpJ7NpvUEAecov--UQ](https://mp.weixin.qq.com/s/ke8tBpJ7NpvUEAecov--UQ) ⌘ [Read more](https://mastodon.social/@campuscodi/112570284247305352) 2024-06-06T16:14:12Z ****
Security firm Ambionics open-sourced Scalpel, a Burp extension for intercepting and rewriting HTTP traffic

[https://www.ambionics.io/blog/scalpel](https://www.ambionics.io/blog/scalpel)

[https://github.com/ambionics/scalpel/](https://github.com/ambionics/scalpel/) ⌘ [Read more](https://mastodon.social/@campuscodi/112570561523052395) 2024-06-06T16:10:04Z ****
NIST's CyberSeek project says the US still needs over 225,000 professionals to close its cybersecurity workforce shortage.

The agency says that only 85% of the 1.2 million cybersecurity jobs in the US are occupied.

[https://www.securityweek.com/225000-more-cybersecurity-workers-needed-in-us-cyberseek/](https://www.securityweek.com/225000-more-cybersecurity-workers-needed-in-us-cyberseek/)

Interactive map: [https://www.cyberseek.org/heatmap.html](https://www.cyberseek.org/heatmap.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112570545237451333) 2024-06-06T16:40:38Z ****
Ukraine's CERT team says a threat actor it tracks as UAC-0020 (Vermin) is targeting its military with spear-phishing attacks designed to deliver the SPECTR infostealer.

The group has returned with new attacks after first being spotted in March 2022, shortly after Russia's invasion of Ukraine.

Officials claim the Vermin group receives orders from law enforcement agencies in the Luhansk occupied territory.

[https://cert.gov.ua/article/6279600](https://cert.gov.ua/article/6279600) ⌘ [Read more](https://mastodon.social/@campuscodi/112570665407157399) 2024-06-06T17:25:27Z ****
Russian independent news outlet Meduza is warning that Russian propagandists are pushing disinformation using misleading cutouts of its (and others') content.

[https://meduza.io/en/feature/2024/06/05/we-thought-we-d-return-the-favor](https://meduza.io/en/feature/2024/06/05/we-thought-we-d-return-the-favor) ⌘ [Read more](https://mastodon.social/@campuscodi/112570841635988428) 2024-06-06T17:27:45Z ****
Ukraine's GUR military intelligence agency took credit for a series of DDoS attacks that targeted the websites and systems of multiple Russian government agencies

[https://www.pravda.com.ua/news/2024/06/5/7459288/](https://www.pravda.com.ua/news/2024/06/5/7459288/) ⌘ [Read more](https://mastodon.social/@campuscodi/112570850697214967) 2024-06-06T17:44:37Z ****
FCC passes rules to require broadband providers to file confidential reports on BGP protections and incidents

[https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements](https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements) ⌘ [Read more](https://mastodon.social/@campuscodi/112570916997562916) 2024-06-06T17:49:55Z ****
French authorities have detained a 16-year-old teen for running a malware rental business.

The teen used nicknames such as ChatNoir and Cap and was part of the Epsilon hacker group that breached the Altice French multinational earlier this year.

According to posts on the group's Telegram channel, the teenager appears to be behind the WaveStealer malware.

[https://www.lemonde.fr/pixels/article/2024/06/05/cybercriminalite-un-adolescent-interpelle-dans-l-enquete-sur-le-groupe-de-pirates-epsilon\_6237496\_4408996 ... ⌘ [Read more](https://mastodon.social/@campuscodi/112570937875336287) 2024-06-06T18:07:15Z ****
The FCC has allocated $200 million to fund the acquisition of cybersecurity services and products at K-12 schools and libraries.

The funds will be made available in the next three years through the FCC E-Rate program. Prior to this year, E-Rate funds could only be used to purchase internet subscriptions and networking devices.

[https://www.fcc.gov/document/fcc-adopts-200m-cybersecurity-pilot-program-schools-libraries](https://www.fcc.gov/document/fcc-adopts-200m-cybersecurity-pilot-program-schools-l ... ⌘ [Read more](https://mastodon.social/@campuscodi/112571006054443641) 2024-06-06T18:56:19Z ****
For infosec practitioners who follow or run Twitch cybersecurity channels, Twitch is changing Tier 1 monthly subscription prices from $4.99 to $5.99 per month on July 11.

[https://help.twitch.tv/s/article/local-sub-price-countries?language=en\_US](https://help.twitch.tv/s/article/local-sub-price-countries?language=en_US) ⌘ [Read more](https://mastodon.social/@campuscodi/112571198941921424) 2024-06-07T08:53:16Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-interpol-plugs-red-notices-leak/](https://news.risky.biz/risky-biz-news-interpol-plugs-red-notices-leak/)

Podcast: [https://risky.biz/RBNEWS298/](https://risky.biz/RBNEWS298/)

-Interpol plugs Red Notices leak

-Kaspersky says Apple didn't pay bounty for Triangulation report

-Medibank faces monumental fine

-CISA named as first-ever CVE ADP

-Dubai hit by ransomware attack

-Disney hacked for ClubPenguin data

-Cisco fixes bug used by German journalists

-iPho ... ⌘ [Read more](https://mastodon.social/@campuscodi/112574490010485685) 2024-06-07T08:57:17Z ****
Plus:

-New GitHub repo-wiping attacks

-WatchGuard VPNs see brute-force attacks

-Malware reports on Dama, Muhstik, Commando Cat, PlugX, DarkGate, Seidr, TargetCompany, RansomHub, Fog

-APT reports on Mustang Panda, Crimson Palace, Sapphire Werewolf, Vermin, ExCobalt

-Israel govt paid for disinfo campaign

-Russian disinfo ops are everywhere these days

-Security updates for RoR, Elastic, SolarWinds

-Vuln reports in PHP-CGI, HugeGraph

-Telerik servers under attack

-Cyber job shortage not as bad in US ⌘ [Read more](https://mastodon.social/@campuscodi/112574505746840904) 2024-06-07T23:24:54Z ****
CoinGecko data breach

[https://www.coingecko.com/learn/getresponse-data-breach-june-2024](https://www.coingecko.com/learn/getresponse-data-breach-june-2024)

via intrusion at email provider GetResponse: [https://www.getresponse.com/blog/security-incident-june-5](https://www.getresponse.com/blog/security-incident-june-5) ⌘ [Read more](https://mastodon.social/@campuscodi/112577917392777038) 2024-06-09T11:07:50Z ****
WolfSSL has open-sourced WolfHSM, a quantum-resistant cryptography framework for Automotive HSMs (Hardware Security Modules)

[https://www.prweb.com/releases/wolfssl-inc-announces-wolfhsm-for-automotive-hsms-hardware-security-modules-302163846.html](https://www.prweb.com/releases/wolfssl-inc-announces-wolfhsm-for-automotive-hsms-hardware-security-modules-302163846.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112586343734953318) 2024-06-09T11:07:31Z ****
Talks from the Privacy Camp 2024 security conference, which took place this January, are available on YouTube

[https://www.youtube.com/playlist?list=PLGeR6jS\_7N7d0O9TKMDQwta-fZ\_mN4ors](https://www.youtube.com/playlist?list=PLGeR6jS_7N7d0O9TKMDQwta-fZ_mN4ors) ⌘ [Read more](https://mastodon.social/@campuscodi/112586342511067810) 2024-06-09T11:39:36Z ****
South Korean security firm S2W has published a comprehensive look at the DDoS-as-a-Service operations that are promoting themselves via Telegram these days. Researchers look at the likes of Project DDoSia, SERVER KILLERS, CYBERBOOTER, DDOS-V4, and more. The research is in Korean.

[https://medium.com/s2wblog/trends-of-telegram-daas-ddos-as-a-service-groups-their-hacktivist-motivations-attack-techniques-b222e5bfe0ef](https://medium.com/s2wblog/trends-of-telegram-daas-ddos-as-a-service-groups-their-hacktivist-moti ... ⌘ [Read more](https://mastodon.social/@campuscodi/112586468638597902) 2024-06-09T11:50:34Z ****
Mozilla has launched a new bug bounty program focused on large language models (LLMs) and other deep learning technologies.

The new platform is named 0-Day Investigative Network (0Din) and works as an intermediary between researchers and LLM vendors—similar to the likes of ZDI.

Mozilla says 0Din will accept bug reports for common LLM vulnerabilities and attacks such as Prompt Injection, Training Data Poisoning, Denial-of-Service, and more.

[https://blog.mozilla.org/en/mozilla/keeping-genai-technologies-secure ... ⌘ [Read more](https://mastodon.social/@campuscodi/112586511774668738) 2024-06-09T12:14:05Z ****
Morphisec has published a report on a campaign targeting Russia's aviation sector.

The company linked the attacks to a group tracked as Sticky Werewolf, an APT known to target Russia and Belarus exclusively.

This is the first report on the group from a non-Russian security firm.

[https://blog.morphisec.com/sticky-werewolfs-aviation-attacks](https://blog.morphisec.com/sticky-werewolfs-aviation-attacks) ⌘ [Read more](https://mastodon.social/@campuscodi/112586604263473462) 2024-06-09T12:42:07Z ****
Security firm watchTowr has published its own analysis of CVE-2024-4577, a PHP-CGI vulnerability impacting Windows systems: [https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/](https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/)

The bug was initially discovered by DEVCORE: [https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/](https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerabilit ... ⌘ [Read more](https://mastodon.social/@campuscodi/112586714464096645) 2024-06-09T12:59:24Z ****
I'm gonna take a wild guess and say probably because the US is one giant country and there's 102,194 different languages in Europe... also previously divided by an "Iron Curtain"

Might be wrong ![:tinking:](https://files.mastodon.social/custom_emojis/images/000/098/689/original/4cee17450e73c1d1.png)![:SMOrc:](https://files.mastodon.social/custom_emojis/images/000/134/194/original/118d7b6293628abd.png) ⌘ [Read more](https://mastodon.social/@campuscodi/112586782421246279) 2024-06-09T13:40:44Z ****
The threat actor behind the Kuiper ransomware tried to sell its source code on the XSS hacking forums only to get immediately banned back in April

[https://x.com/Libranalysis/status/1778036668236222483](https://x.com/Libranalysis/status/1778036668236222483)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112586944954776963) 2024-06-09T13:39:32Z ****
The EU Agency for Law Enforcement Training (CEPOL) says it was the victim of a cyberattack:

[https://www.cepol.europa.eu/newsroom/news/cyber-incident-eu-agency-law-enforcement-training-cepol](https://www.cepol.europa.eu/newsroom/news/cyber-incident-eu-agency-law-enforcement-training-cepol) [#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112586940257887359) 2024-06-09T13:58:59Z ****
Analyst1 has published a report that looks at the history of a ransomware operation named RansomHouse.

Researchers say the platform has been used by threat actors with links to ransomware gangs such as White Rabbit, Mario ESXi, RagnarLocker, and Dark Angels (Dunghill Leak).

[https://analyst1.com/ransomhouse-stolen-data-market-influence-operations-amp-other-tricks-up-the-sleeve/](https://analyst1.com/ransomhouse-stolen-data-market-influence-operations-amp-other-tricks-up-the-sleeve/)

Not to be confused with Ra ... ⌘ [Read more](https://mastodon.social/@campuscodi/112587016725525224) 2024-06-09T15:30:12Z ****
The Cyber Partisans say they hacked the Belarusian State University.

The group claims it obtained documents and audio records from the university's internal network showing how its leadership dismissed staff and students who participated in anti-government protests.

The files show that the university declined to admit new students who participated in protests and left comments online against the dictatorship.

[https://www.by.cpartisans.org/en/post/bsu-uncut-2020-2024-part-1](https://www.by.cpartisans.org/en/p ... ⌘ [Read more](https://mastodon.social/@campuscodi/112587375425157312) 2024-06-09T16:18:42Z ****
Last year, CrowdStrike published a report on a new crypto-mining operation that was targeting exposed Kubernetes systems with a miner for the Dero cryptocurrency token.

[https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/](https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/)

This threat actor—no official name yet—is still active today, according to a new report from cloud security fir ... ⌘ [Read more](https://mastodon.social/@campuscodi/112587566128539543) 2024-06-09T19:06:56Z ****
David Ross, one of the early pioneers of browser security research, has passed away, his family announced on Twitter.

In 1999, together with Georgi Guninski, he authored the first paper on XSS attacks named "Script Injection".

He also worked on implementing X-Frame-Options in Internet Explorer.

[https://x.com/randomdross/status/1799284146231185584](https://x.com/randomdross/status/1799284146231185584)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity ... ⌘ [Read more](https://mastodon.social/@campuscodi/112588227635648818) 2024-06-10T23:53:53Z ****
Unredacted has open-sourced FreeSocks, a Shadowsocks proxy-based system for bypassing internet censorship

[https://unredacted.org/blog/2024/06/freesocks-is-now-open-source/](https://unredacted.org/blog/2024/06/freesocks-is-now-open-source/)

[https://github.com/unredacted/freesocks-control-plane](https://github.com/unredacted/freesocks-control-plane) ⌘ [Read more](https://mastodon.social/@campuscodi/112595018291068110) 2024-06-10T23:53:21Z ****
After European law enforcement agencies have argued for lawful access to encrypted instant messaging clients for a few years now, their demands have recently expanded. In a new report published this week, Europol has asked that lawful access should be considered for other technologies that use encryption, such as 6G, biometrics, DNS, the blockchain, and quantum computing.

[https://www.europol.europa.eu/media-press/newsroom/news/equilibrium-between-security-and-privacy-new-report-encryption](https://www.europol. ... ⌘ [Read more](https://mastodon.social/@campuscodi/112595016167863329) 2024-06-11T08:07:52Z ****
It's time companies... do it! ⌘ [Read more](https://mastodon.social/@campuscodi/112596960677574816) 2024-06-11T12:03:09Z ****
Pro-Russian operatives wage relentless disinformation campaigns on Telegram against UN peacekeepers in Mali, DRC, and CAR

[https://blog.openmeasures.io/p/pro-russian-telegram-channels-amplify](https://blog.openmeasures.io/p/pro-russian-telegram-channels-amplify) ⌘ [Read more](https://mastodon.social/@campuscodi/112597885902794587) 2024-06-11T12:13:04Z ****
"Amplified narratives focus on undermining UN missions by portraying them as ineffective, corrupt, and complicit in crimes. They position Russian military involvement as a more effective and transparent alternative."

you know... the recommendation is the troops accused of genocide in many of these countries... used to clear communities from desired mining lands ⌘ [Read more](https://mastodon.social/@campuscodi/112597924884175766) 2024-06-11T15:30:32Z ****
More than 458,000 PHP Windows servers are currently exposed on the internet and potentially vulnerable to that nasty PHP-CGI/Windows bug

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security)

[https://censys.com/cve-2024-4577/](https://censys.com/cve-2024-4577/) ⌘ [Read more](https://mastodon.social/@campuscodi/112598701312014682) 2024-06-11T15:29:38Z ****
AWS adds support for passkeys

[https://aws.amazon.com/blogs/security/passkeys-enhance-security-and-usability-as-aws-expands-mfa-requirements/](https://aws.amazon.com/blogs/security/passkeys-enhance-security-and-usability-as-aws-expands-mfa-requirements/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112598697796569715) 2024-06-11T16:44:17Z ****
US federal agencies have suffered more than 32,000 security incidents over fiscal year 2023, according to a new White House report

PDF: [https://www.whitehouse.gov/wp-content/uploads/2024/06/FY23-FISMA-Report.pdf](https://www.whitehouse.gov/wp-content/uploads/2024/06/FY23-FISMA-Report.pdf) ⌘ [Read more](https://mastodon.social/@campuscodi/112598991310297053) 2024-06-12T03:03:10Z ****
What the actual f...

[https://www.nordbayern.de/panorama/nach-burgerentscheid-hunderte-tauben-sollen-mit-genickbruch-getotet-werden-1.14296366](https://www.nordbayern.de/panorama/nach-burgerentscheid-hunderte-tauben-sollen-mit-genickbruch-getotet-werden-1.14296366) ⌘ [Read more](https://mastodon.social/@campuscodi/112601424907331516) 2024-06-13T11:05:57Z ****
The NCC Group has open-sourced a tool named Stepping Stones that can help red teams with record keeping, situational awareness, and reports.

[https://research.nccgroup.com/2024/06/12/stepping-stones-a-red-team-activity-hub/](https://research.nccgroup.com/2024/06/12/stepping-stones-a-red-team-activity-hub/) ⌘ [Read more](https://mastodon.social/@campuscodi/112608985610971692) 2024-06-13T11:45:51Z ****
Meta tried to discredit researchers who identified fraudulent ads in its platforms

[https://nucleo.jor.br/english/2024-06-12-meta-tried-to-discredit-researchers-who-identified-fraudulent-ads-in-its-platforms/](https://nucleo.jor.br/english/2024-06-12-meta-tried-to-discredit-researchers-who-identified-fraudulent-ads-in-its-platforms/) ⌘ [Read more](https://mastodon.social/@campuscodi/112609142443828409) 2024-06-13T12:48:35Z ****
Databricks security engineer Steve Weis has compiled a list of companies that use non-standard cryptography setups.

[https://github.com/fancy-cryptography/fancy-cryptography](https://github.com/fancy-cryptography/fancy-cryptography) ⌘ [Read more](https://mastodon.social/@campuscodi/112609389174204087) 2024-06-13T14:20:44Z ****
Ukrainian authorities have arrested two individuals who ran a mobile bot farm.

The two suspects used Ukrainian SIM cards to register more than 15,000 social media accounts and sold access to the accounts through the dark web.

The Ukrainian SBU says Russian intelligence bought access to some of these accounts to spread pro-Kremlin propaganda and send smishing messages to Ukrainian soldiers.

[https://t.me/SBUkr/12159](https://t.me/SBUkr/12159)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity]( ... ⌘ [Read more](https://mastodon.social/@campuscodi/112609751471252399) 2024-06-13T14:19:57Z ****
South Korean firm AhnLab says the Bondnet crypto-mining botnet is still alive seven years after first being spotted in 2017 by GuardiCore

[https://asec.ahnlab.com/en/66662/](https://asec.ahnlab.com/en/66662/) ⌘ [Read more](https://mastodon.social/@campuscodi/112609748412428438) 2024-06-13T15:44:13Z ****
Canadian authorities have arrested three individuals believed to have hacked the Desjardins Group, the country's largest credit union.

The hack took place in 2019, and hackers stole the personal data of 4.2 million customers and 173,000 businesses.

Authorities have named two of the suspects and said they also issued an arrest warrant for a fourth suspect.

[https://www.laval.ca/Pages/Fr/Nouvelles/microsite-police/arrestations-vols-de-donnees-desjardins.aspx](https://www.laval.ca/Pages/Fr/Nouvelles/microsite-po ... ⌘ [Read more](https://mastodon.social/@campuscodi/112610079754383009) 2024-06-13T17:15:58Z ****
The CyberVandals research group says it did not see widespread coordinated DDoS attacks from pro-Kremlin groups during the recent EU elections.

[https://blog.kybervandals.com/attacks-on-eu-by-russian-activist-summarized/](https://blog.kybervandals.com/attacks-on-eu-by-russian-activist-summarized/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112610440546330972) 2024-06-13T17:34:26Z ****
POC published for an Unauthenticated Path Traversal in the Sonatype Nexus Repository (CVE-2024-4956)

[https://medium.com/@verylazytech/poc-cve-2024-4956-unauthenticated-path-traversal-f24b1a595e0e](https://medium.com/@verylazytech/poc-cve-2024-4956-unauthenticated-path-traversal-f24b1a595e0e)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112610513184700962) 2024-06-13T17:40:59Z ****
Security firm Volexity has discovered a suspected Pakistani APT group engaging in cyber-espionage against Indian government entities.

The group's main toolkit is DISGOMOJI, a malware strain designed to target Linux servers.

The malware uses a Discord channel as its command-and-control server and emojis as commands to control infected systems.

Volexity tracks the new group as UTA0137. [#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](ht ... ⌘ [Read more](https://mastodon.social/@campuscodi/112610538926224080) 2024-06-13T17:49:02Z ****
German security firm G Data has discovered that Fortinet firewalls use weak password hashes to secure backup files.

[https://www.gdatasoftware.com/blog/2024/01/37834-passwords-on-a-silver-platter](https://www.gdatasoftware.com/blog/2024/01/37834-passwords-on-a-silver-platter)

Tracked as CVE-2024-21754, the vulnerability can be exploited to decrypt backup files and read a device's login credentials.

[https://www.fortiguard.com/psirt/FG-IR-23-423](https://www.fortiguard.com/psirt/FG-IR-23-423)

"Those backup fi ... ⌘ [Read more](https://mastodon.social/@campuscodi/112610570595187718) 2024-06-13T18:19:52Z ****
Cloud security firm Permiso has open-sourced a tool named YetiHunter that can search for signs of compromise in a company's Snowflake accounts.

[https://permiso.io/blog/introducing-yetihunter-an-open-source-tool-to-detect-and-hunt-for-suspicious-activity-in-snowflake](https://permiso.io/blog/introducing-yetihunter-an-open-source-tool-to-detect-and-hunt-for-suspicious-activity-in-snowflake)

[https://github.com/Permiso-io-tools/YetiHunter](https://github.com/Permiso-io-tools/YetiHunter)

[#infosec](https://masto ... ⌘ [Read more](https://mastodon.social/@campuscodi/112610691797157764) 2024-06-13T20:37:55Z ****
The French government has published a report on Matriochka, a pro-Russian social media influence campaign that tried to discredit Western news media, public figures, and fact-checking organizations.

[https://www.sgdsn.gouv.fr/publications/matriochka-une-campagne-prorusse-ciblant-les-medias-et-la-communaute-des-fact-checkers](https://www.sgdsn.gouv.fr/publications/matriochka-une-campagne-prorusse-ciblant-les-medias-et-la-communaute-des-fact-checkers)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecur ... ⌘ [Read more](https://mastodon.social/@campuscodi/112611234637047525) 2024-06-20T10:00:37Z ****
CertiK whitehat-bountying funds from Kraken and then laundering the assets through a sanctioned mixing service is the perfect definition of the s\*\*t show that the crypto-scene has been for the past decade.

[https://x.com/jconorgrogan/status/1803486112608034854](https://x.com/jconorgrogan/status/1803486112608034854) ⌘ [Read more](https://mastodon.social/@campuscodi/112648364816675243) 2024-06-23T05:46:17Z **** ⌘ [Read more](https://mastodon.social/@campuscodi/112664351687062942) 2024-06-26T11:00:34Z ****
Catching up on all the infosec stuff on Friday is gonna be... painful

I'm already dreading it ⌘ [Read more](https://mastodon.social/@campuscodi/112682574477982304) 2024-06-27T12:17:20Z ****
The company behind the Polyfill supply chain attack claims it was defamed.

They're pretending like thousands of infosec researchers and web devs don't know what they're talking about and it was all a big misunderstanding.

This is not going to end well for them. Good luck with that strategy, boyz!

[https://x.com/Polyfill\_Global/status/1805923380857897277](https://x.com/Polyfill_Global/status/1805923380857897277) ⌘ [Read more](https://mastodon.social/@campuscodi/112688538636805993) 2024-06-27T16:10:31Z ****
Does anyone have a copy of the email/alert they can share privately?

Image source: [https://mastodon.social/@jtig@infosec.exchange/112689362720352430](https://mastodon.social/@jtig@infosec.exchange/112689362720352430) ⌘ [Read more](https://mastodon.social/@campuscodi/112689455533958392) 2024-06-27T20:50:38Z ****
Microsoft says it will issue CVEs for security issues in its cloud services

[https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/](https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/)

Example CVE: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260) ⌘ [Read more](https://mastodon.social/@campuscodi/112690557004772487) 2024-06-28T22:51:51Z ****
A ransomware attack has hit Indonesia's National Data Center (PDN), causing delays in airport immigration services and new student registration.

[https://jakartaglobe.id/tech/decoding-brain-cipher-the-ransomware-behind-the-national-data-center-breach](https://jakartaglobe.id/tech/decoding-brain-cipher-the-ransomware-behind-the-national-data-center-breach)

The incident has been linked to a new ransomware strain named Brain Cipher, a version built on the leaked LockBit ransomware source code.

[https://fortiguar ... ⌘ [Read more](https://mastodon.social/@campuscodi/112696695923402913) 2024-06-28T22:53:25Z ****
40 vulnerabilities in Toshiba Multi-Function Printers: [https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html](https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html)

17 vulnerabilities in Sharp Multi-Function Printers: [https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html](https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.so ... ⌘ [Read more](https://mastodon.social/@campuscodi/112696702090969334) 2024-06-29T14:34:09Z ****
Glad the Panama Papers made an impact:

"Panama court acquits 28 implicated in Panama Papers and Operation Car Wash scandals"

[https://edition.cnn.com/2024/06/29/americas/operation-car-wash-panama-papers-acquittals-intl/index.html](https://edition.cnn.com/2024/06/29/americas/operation-car-wash-panama-papers-acquittals-intl/index.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112700401201080527) 2024-06-29T15:05:09Z ****
Indonesia arrests over 100 foreigners in Bali suspected of participating in cybercrime

[https://therecord.media/indonesia-bali-arrests-foreigners-cybercrime](https://therecord.media/indonesia-bali-arrests-foreigners-cybercrime) ⌘ [Read more](https://mastodon.social/@campuscodi/112700523120614078) 2024-06-29T15:42:45Z ****
The Zeek project has canceled this year's edition of the ZeekWeek conference due to poor attendance

[https://community.zeek.org/t/cancellation-of-zeekweek-2024/7403](https://community.zeek.org/t/cancellation-of-zeekweek-2024/7403)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112700670939145044) 2024-06-29T16:07:26Z ****
The Polish train white-hat hacking scandal is getting more... "lawyery"

The train vendor, NEWAG, has filed a second lawsuit

[https://social.hackerspace.pl/@q3k/112693911864133850](https://social.hackerspace.pl/@q3k/112693911864133850) ⌘ [Read more](https://mastodon.social/@campuscodi/112700767994047414) 2024-06-29T18:49:13Z ****
German security firm SRLabs has open-sourced Certiception, an Active Directory Certificate Services (ADCS) honeypot tool.

[https://www.srlabs.de/blog-post/certiception-the-adcs-honeypot-we-always-wanted](https://www.srlabs.de/blog-post/certiception-the-adcs-honeypot-we-always-wanted)

[https://github.com/srlabs/Certiception](https://github.com/srlabs/Certiception)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/ta ... ⌘ [Read more](https://mastodon.social/@campuscodi/112701404209393161) 2024-06-29T19:51:40Z ****
Australian man charged for setting up fake WiFi access points to steal data from Australian airport users

[https://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal](https://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal) [#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112701649714269023) 2024-06-29T20:30:15Z ****
Zscaler researchers say that North Korean APT group Kimsuky has used a new malicious Google Chrome extension named TRANSLATEXT to target and steal credentials from South Korean academics

[https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia](https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#sec ... ⌘ [Read more](https://mastodon.social/@campuscodi/112701801465589867) 2024-06-29T21:07:05Z ****
Software company Addepar has open-sourced RedFlag, a tool that leverages AI to determine high-risk code changes in CI pipelines and source code repos.

[https://addepar.com/blog/introducing-redflag-using-ai-to-scale-addepar-s-offensive-security-team](https://addepar.com/blog/introducing-redflag-using-ai-to-scale-addepar-s-offensive-security-team)

[https://github.com/Addepar/RedFlag](https://github.com/Addepar/RedFlag)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tag ... ⌘ [Read more](https://mastodon.social/@campuscodi/112701946299420833) 2024-06-30T09:21:16Z ****
Talks from the HITCON 2023 security conference, which took place in August last year, are now available on YouTube. Talks are available in Chinese and English.

[https://www.youtube.com/playlist?list=PLQcbOyDFl\_bdU0ozHGhU3f9UCAxoB8joC](https://www.youtube.com/playlist?list=PLQcbOyDFl_bdU0ozHGhU3f9UCAxoB8joC) ⌘ [Read more](https://mastodon.social/@campuscodi/112704833198117059) 2024-06-30T09:20:58Z ****
Ryan Naraine, Costin Raiu, and J. A. Guerrero-Saade have launched a new weekly infosec podcast named The Three Buddy Problem

[https://securityconversations.com/episode/ep2-a-deep-dive-on-disrupting-and-exposing-nation-state-malware-ops/](https://securityconversations.com/episode/ep2-a-deep-dive-on-disrupting-and-exposing-nation-state-malware-ops/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112704832038708471) 2024-06-30T10:22:01Z ****
Ukraine's GUR military intelligence has launched a series of cyber operations that disrupted IT services across the Russian-occupied territory of Crimea.

DDoS attacks targeted local ISPs, Russian propaganda sites, and the traffic control systems on the Kerch Bridge.

The attacks took down internet connectivity and restricted car traffic on the Kerch Bridge.

[https://www.kyivpost.com/uk/post/34916](https://www.kyivpost.com/uk/post/34916) [#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https:// ... ⌘ [Read more](https://mastodon.social/@campuscodi/112705072072581362) 2024-06-30T10:21:24Z ****
Russian security firm Kaspersky says the recent US government ban won't significantly affect its operations since its US business only accounts for "just under 10% of the company's total revenue," according to a report from Kim Zetter: [https://www.zetter-zeroday.com/new-government-ban-on-kaspersky-would-prevent-malware-signature-updates/](https://www.zetter-zeroday.com/new-government-ban-on-kaspersky-would-prevent-malware-signature-updates/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](htt ... ⌘ [Read more](https://mastodon.social/@campuscodi/112705069658878264) 2024-06-30T10:27:28Z ****
Pro-Ukrainian hacktivist group Cyber Resistance claims to have hacked one of the six assistants for Dmitry Medvedev, the deputy chairman of Russia's Security Council.

The group claims it hacked the assistant's inbox at the start of the year and quietly intercepted emails for more than six months.

[https://informnapalm.org/ua/medvedevleaks-shantazh-yadernoho-vedmedyka/](https://informnapalm.org/ua/medvedevleaks-shantazh-yadernoho-vedmedyka/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](htt ... ⌘ [Read more](https://mastodon.social/@campuscodi/112705093549752147) 2024-06-30T10:52:46Z ****
Security firm ANY.RUN says one of its employees fell victim to a spear-phishing attack. The company says the spear-phishing email came from the email of one of its customers, which was compromised as part of a larger campaign that targeted popular companies. ANY.RUN says the attacker didn't pivot to its internal network and only used its employee's account to phish other victims.

Final post-mortem is out: [https://any.run/cybersecurity-blog/analysis-of-the-phishing-campaign/](https://any.run/cybersecurity-bl ... ⌘ [Read more](https://mastodon.social/@campuscodi/112705193038418929) 2024-06-30T11:07:50Z ****
All three apps from Indian software company Conceptworld have been trojanized with an infostealer

[https://www.rapid7.com/blog/post/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/](https://www.rapid7.com/blog/post/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/s ... ⌘ [Read more](https://mastodon.social/@campuscodi/112705252231684427) 2024-06-30T12:31:12Z ****
Marketing and sales software giant HubSpot said on Friday that it’s investigating a cybersecurity incident

[https://techcrunch.com/2024/06/28/hubspot-says-its-investigating-customer-account-hacks/](https://techcrunch.com/2024/06/28/hubspot-says-its-investigating-customer-account-hacks/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112705580062663867) 2024-06-30T12:43:44Z ****
Security company elttam has published details on a new class of vulnerabilities it is calling "ORM Leaks."

These are vulnerabilities in Object Relational Mappers (ORMs) that can leak information from apps that use affected ORMs.

The company says it found leaks in ORM components used by the Django Python framework and CMSs like Label Studio, Ghost, and Payload.

[https://www.elttam.com/blog/plormbing-your-django-orm/](https://www.elttam.com/blog/plormbing-your-django-orm/)

[#infosec](https://mastodon.social/ta ... ⌘ [Read more](https://mastodon.social/@campuscodi/112705629357321973) 2024-06-30T15:39:24Z ****
Talks from the fwd:cloudsec 2024 security conference, which took place last month, are now available on YouTube

[https://www.youtube.com/playlist?list=PLCPCP1pNWD7PoUaDtU\_T9XJSJ6d7cSfjl](https://www.youtube.com/playlist?list=PLCPCP1pNWD7PoUaDtU_T9XJSJ6d7cSfjl)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112706320077906153) 2024-06-30T16:20:02Z ****
Bulgarian officials have arrested and charged a man named Teodor Iliev with several computer crimes. According to a report from DataBreaches.net, the man is believed to be behind the Magadans and Emil Külev hacker personas, active on several underground hacking forums. He is accused of hacking multiple Bulgarian companies and state institutions over the past five years.

[https://databreaches.net/2024/06/30/bulgarian-hacker-emil-kulev-arrested-and-detained/](https://databreaches.net/2024/06/30/bulgarian-hacker-e ... ⌘ [Read more](https://mastodon.social/@campuscodi/112706479892136669) 2024-06-30T18:43:51Z ****
10/10 API auth bypass bug in Juniper routers

[https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en\_US](https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US)

[#infosec](https://mastodon.social/tags/infosec) [#cyberse ... ⌘ [Read more](https://mastodon.social/@campuscodi/112707045361045575) 2024-06-30T19:58:28Z ****
StrikeReady looks at new malicious HTML documents used by the Armageddon Russian APT that require users to move their mouse first, before executing their payloads.

[https://blog.strikeready.com/blog/armageddon-is-more-than-a-grammy-nominated-album/](https://blog.strikeready.com/blog/armageddon-is-more-than-a-grammy-nominated-album/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112707338770563447) 2024-07-01T18:30:10Z ****
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems

[https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt](https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112712653893284831) 2024-07-02T08:39:24Z ****
NaoSec has a fascinating deep dive into the ShadowPad builder, who develops, sells, and uses it

[https://nao-sec.org/2024/06/building-caspers-shadow.html](https://nao-sec.org/2024/06/building-caspers-shadow.html)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112715993219108339) 2024-07-02T09:16:54Z ****
RegreSSHion patches are rolling out to Google's K8s

[https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2024-040](https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2024-040) ⌘ [Read more](https://mastodon.social/@campuscodi/112716140698821265) 2024-07-02T10:39:05Z ****
Halcyon researchers have discovered a new ransomware operator named Volcano Demon that is currently distributing versions of the LukaLocker ransomware.

Halcyon says the group engages in targeted ransomware attacks but does not operate a dedicated dark web leak site.

The group is also known for calling a company's executives to extort and negotiate payments.

[https://www.halcyon.ai/blog/halcyon-identifies-new-ransomware-operator-volcano-demon-serving-up-lukalocker](https://www.halcyon.ai/blog/halcyon-identifie ... ⌘ [Read more](https://mastodon.social/@campuscodi/112716463837830614) 2024-07-02T10:43:37Z ****
Sekoia has published a report on FakeBat, a popular malware loader used this year by multiple cybercrime crews for their drive-by download operations.

The malware is also known as BatLoader and has been sold as a Loader-as-a-Service on the Exploit forum since late 2022.

[https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/](https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/)

[#infosec](https://mastodon.social/tags/info ... ⌘ [Read more](https://mastodon.social/@campuscodi/112716481669087316) 2024-07-02T14:33:48Z ****
Android security updates for July 2024 are out: [https://source.android.com/docs/security/bulletin/2024-07-01](https://source.android.com/docs/security/bulletin/2024-07-01)

The Pixel security bulletin was late and wasn't up when we wrote this. It will go live at this URL: [https://source.android.com/docs/security/bulletin/pixel/2024-07-01](https://source.android.com/docs/security/bulletin/pixel/2024-07-01)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecur ... ⌘ [Read more](https://mastodon.social/@campuscodi/112717386770870002) 2024-07-02T14:34:18Z ****
A team of academics from the University of California, San Diego, have discovered a new speculative attack impacting high-end Intel CPUs.

Named Indirector, the attack can be used to leak sensitive data from Intel Raptor Lake and Alder Lake CPUs.

[https://indirector.cpusec.org/](https://indirector.cpusec.org/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112717388713820311) 2024-07-02T15:05:32Z ****
Russian security firm CICADA8 has published RemoteKrbRelay, a tool to execute KrbRelay and KrbRelayUp attacks remotely.

[https://github.com/CICADA8-Research/RemoteKrbRelay](https://github.com/CICADA8-Research/RemoteKrbRelay)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112717511569798808) 2024-07-02T15:05:05Z ****
Security firm EVA found vulnerabilities in the CocoaPods package repository used in the iOS and macOS ecosystems.

The vulnerabilities could have allowed threat actors to hijack developer accounts with no interaction, claim ownership over orphaned pods, and even take over the central CocoaPods "trunk" server.

The issues could have been used to orchestrate supply chain attacks on more than 3 million iOS & macOS apps.

[https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods](https://www ... ⌘ [Read more](https://mastodon.social/@campuscodi/112717509817758103) 2024-07-02T15:39:09Z ****
It's a storm outside and Romania is about to play in the Euros.

This is the perfect time to ruin a delivery guy's day! 👺 ⌘ [Read more](https://mastodon.social/@campuscodi/112717643760741556) 2024-07-02T16:13:04Z ****
A Norwegian court has ordered dating app Grindr to pay €5.6 million for sharing its users' dating data with advertisers.

[https://www.forbrukerradet.no/siste-nytt/sjekkeappen-grindr-domt-etter-klage-fra-forbrukerradet/](https://www.forbrukerradet.no/siste-nytt/sjekkeappen-grindr-domt-etter-klage-fra-forbrukerradet/) ⌘ [Read more](https://mastodon.social/@campuscodi/112717777129937498) 2024-07-02T16:14:14Z ****
Cyber insurance rates have fallen over the past year as companies have gotten better at securing their networks. Cyber insurance broker Howden says cyber insurance prices are down 15% from their 2022 peak.

[https://www.howdengroupholdings.com/news/cyber-insurance-entering-a-new-phase-of-development-as-non-us-territories-set-to-capture-54-of-growth-up-to-2030](https://www.howdengroupholdings.com/news/cyber-insurance-entering-a-new-phase-of-development-as-non-us-territories-set-to-capture-54-of-growth-up-to-2030) ... ⌘ [Read more](https://mastodon.social/@campuscodi/112717781713528705) 2024-07-02T18:57:27Z ****
Recorded Future says law enforcement can use infostealer logs to track down users who visit CSAM sites and uncover their identities based on their other credentials

That's actually pretty damn smart

[https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers](https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#securi ... ⌘ [Read more](https://mastodon.social/@campuscodi/112718423491177819) 2024-07-03T22:55:17Z ****
Security firm Uptycs has found a way to retrieve free decryptors from the admin panel of the Mallox RaaS. It's probably gonna be patched now!

[https://www.uptycs.com/blog/mallox-ransomware-linux-variant-decryptor-discovered](https://www.uptycs.com/blog/mallox-ransomware-linux-variant-decryptor-discovered) ⌘ [Read more](https://mastodon.social/@campuscodi/112725020999052050) 2024-07-04T00:00:26Z ****
Security firm 3Nails Infosec has released EDRPrison, a driver to prevent EDR agents from sending telemetry back home.

[https://www.3nailsinfosec.com/post/edrprison-borrow-a-legitimate-driver-to-mute-edr-agent](https://www.3nailsinfosec.com/post/edrprison-borrow-a-legitimate-driver-to-mute-edr-agent)

[https://github.com/senzee1984/EDRPrison](https://github.com/senzee1984/EDRPrison)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https:// ... ⌘ [Read more](https://mastodon.social/@campuscodi/112725277201292778) 2024-07-04T00:48:43Z ****
Phishing email sent from the official Ethereum mailing list

noice... :/

[https://blog.ethereum.org/2024/07/02/blog-incident](https://blog.ethereum.org/2024/07/02/blog-incident)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112725467042158307) 2024-07-04T01:07:03Z ****
Positive Technologies researcher Arseniy Sharoglazov has found two unauthenticated remote code execution issues that impact the Xerox WorkCentre multifunctional printer.

[https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/](https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112725539150441729) 2024-07-04T10:54:08Z ****
New Kirin (Killing Internet Routers in IPv6 Networks) attack can bring down AS networks using large IPv6 BGP route announcements

[https://kirin-attack.github.io/](https://kirin-attack.github.io/)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112727847622675306) 2024-07-04T11:06:04Z ****
SonarSource researchers have discovered four vulnerabilities in the Gogs open-source self-hosted Git server.

SonarSource says the issues are still unpatched after the project's admins stopped communicating with its researchers.

According to Shodan, there are more than 7,400 Gogs servers currently connected to the internet.

[https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/](https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilitie ... ⌘ [Read more](https://mastodon.social/@campuscodi/112727894526383485) 2024-07-04T11:59:21Z ****
CVE-2024-23692 from Arseniy Sharoglazov ([https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/](https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/)) is now exploited in the wild:

[https://asec.ahnlab.com/en/67650/](https://asec.ahnlab.com/en/67650/)

ccc [@screaminggoat](https://infosec.exchange/@screaminggoat)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/secu ... ⌘ [Read more](https://mastodon.social/@campuscodi/112728104098389906) 2024-07-04T12:46:07Z ****
New ransomware group named Eldorado:

-lists 15 victims

-launched in March

-advertises on RAMP

-claims to have encrypters for Linux and Windows systems

-its code appears to be original and written from scratch

-small operation

-seems to be the work of Russian-speaking developers

According to security firm Group-IB, Eldorado is one of the 23 ransomware platforms that have posted ads on hacking forums throughout 2022 and 2023.

[https://www.group-ib.com/blog/eldorado-ransomware/](https://www.group-ib.com/bl ... ⌘ [Read more](https://mastodon.social/@campuscodi/112728287952412391) 2024-07-04T12:50:01Z ****
Yesterday's Europol Operation Morpheus appears to have taken out ~25% of known malicious Cobalt Strike servers

[https://x.com/silascutler/status/1808631021048418323](https://x.com/silascutler/status/1808631021048418323)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112728303277288726) 2024-07-04T13:53:17Z ****
South Korean authorities have sentenced a teenager to one year in prison for hacking one of their teachers and leaking answers for an upcoming test.

Officials say the teenager and a friend broke into a school staff room and planted malware on the teacher's laptop.

The incident took place in 2022. The teen's accomplice was also sentenced to 10 months in prison.

[https://www.yna.co.kr/view/AKR20240703106700054](https://www.yna.co.kr/view/AKR20240703106700054)

[#infosec](https://mastodon.social/tags/infosec) [# ... ⌘ [Read more](https://mastodon.social/@campuscodi/112728552096719820) 2024-07-04T15:11:39Z ****
Cybersecurity reporter Brian Krebs has tracked down a well-known initial access broker to a 30-year-old Russian man from the city of Ozersk.

Krebs says that Maxim Kirtsov has been active in hacking forums for almost 15 years under the name of x999xx.

The hacker is known for breaching corporate networks and selling access to ransomware gangs.

Kirtsov confirmed Krebs' investigation via email.

[https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/](https://krebsonsecurity.com/2024/ ... ⌘ [Read more](https://mastodon.social/@campuscodi/112728860234599819) 2024-07-04T15:51:17Z ****
This is hilarious. The group behind the ransomware attack on Indonesia's national data center claimed their attack was "only a pentest with post payment" and have promised to provide a free decryption key

They also put up a Monero wallet for donations... for their time lost. LOL

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112729016051515316) 2024-07-05T08:50:25Z ****
Plus:

-Russia bans most VoIP

-Polyfill supply chain attack still impacts 384k sites

-Vishing squad detained in Spain and Portugal

-Malware reports on TgRat, Mallox, GootLoader, Mekotio

-New Ghostscript RCE

-Xerox WorkCentre RCE

-Rejetto server RCE

-RoguePuppet supply chain attack plugged

-Unpatched vulnerabilities in Gogs Git service

-Silent 7-Zip patch

-Breaches at the FIA, Roll20, and Ethereum projects

-New EDRPrison and CSPT tools

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity]( ... ⌘ [Read more](https://mastodon.social/@campuscodi/112733023463356520) 2024-07-05T08:46:48Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-ransomware-attacks-increase-hospital-mortality-rates/](https://news.risky.biz/risky-biz-news-ransomware-attacks-increase-hospital-mortality-rates/)

Podcast: [https://risky.biz/RBNEWS304/](https://risky.biz/RBNEWS304/)

-Ransomware attacks increase hospital mortality rates

-Europol takes down ~600 Cobalt Strike servers

-New Kirin BGP attack

-Ransomware gang gives Indonesian govt free decryption key

-BitTensor hacked for $8mil

-New ElDorado ransomware

-New ... ⌘ [Read more](https://mastodon.social/@campuscodi/112733009255939582) 2024-07-06T19:28:22Z ****
What the f... is wrong with the New York Times as of late! ⌘ [Read more](https://mastodon.social/@campuscodi/112741194268772651) 2024-07-06T19:47:15Z ****
Three-hundred-thirty-six (yes, 336) malicious npm packages were discovered last week:

[https://github.com/advisories?query=type%3Amalware](https://github.com/advisories?query=type%3Amalware) ⌘ [Read more](https://mastodon.social/@campuscodi/112741268562108478) 2024-07-06T23:14:46Z ****
A threat actor claims [archived] to be selling details about a vulnerability in the HackerOne bug bounty platform that can bypass MFA checks

[https://archive.ph/U5z2b](https://archive.ph/U5z2b) ⌘ [Read more](https://mastodon.social/@campuscodi/112742084563418622) 2024-07-07T11:57:37Z ****
The Florida Department of Health has confirmed that hackers breached its systems in an incident last week.

The attack hit the Department's statistics system, which is used to issue birth and death certificates.

Following the attack, the Department is now physically driving new birth and death certificates to state hospitals for processing.

[https://www.news4jax.com/news/local/2024/07/05/i-team-florida-dept-of-health-cyberattack-has-caused-problems-for-funeral-homes/](https://www.news4jax.com/news/local/2024/0 ... ⌘ [Read more](https://mastodon.social/@campuscodi/112745084205766107) 2024-07-07T11:56:27Z ****
The Alabama State Department of Education (ALSDE) fell victim to a cyber attack in June

[https://www.alabamaachieves.org/databreach](https://www.alabamaachieves.org/databreach) (US only link)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](https://mastodon.social/tags/security) ⌘ [Read more](https://mastodon.social/@campuscodi/112745079619665041) 2024-07-07T14:53:12Z ****
HiSolutions has published a technical report of CSHARP-STREAMER, a remote access trojan that was used in the past by ransomware gangs such as REvil and Metaencryptor.

The company reports seeing usage of the RAT massively increase in Q3 2023 after the Metaencryptor gang intensified its attacks.

[https://research.hisolutions.com/2024/06/how-to-detect-the-modular-rat-csharp-streamer/](https://research.hisolutions.com/2024/06/how-to-detect-the-modular-rat-csharp-streamer/)

[#infosec](https://mastodon.social/tags/ ... ⌘ [Read more](https://mastodon.social/@campuscodi/112745774611612158) 2024-07-07T18:07:57Z ****
A threat actor claims to be selling details about a vulnerability that can be used to take over accounts on the npm portal.

DevSecOps company Socket could not confirm the threat actor's claims.

[https://socket.dev/blog/unverified-npm-account-takeover-vulnerability-for-sale-on-dark-web-forum](https://socket.dev/blog/unverified-npm-account-takeover-vulnerability-for-sale-on-dark-web-forum)

[#infosec](https://mastodon.social/tags/infosec) [#cybersecurity](https://mastodon.social/tags/cybersecurity) [#security](h ... ⌘ [Read more](https://mastodon.social/@campuscodi/112746540412311844) 2024-07-08T10:26:59Z ****
Also:

-Pennsylvania has a new data breach law

-Airtel denies data breach

-Cloudflare BGP hijack

-Sri Lankan cybercrime crew deported from UAE

-REvil case in Russia (finally) moves forward

-Hackers advertise npm account takeover and HackerOne MFA bypass

-Brute Ratel leaked online

-Malware reports on SmokeLoader, CSHARP-STREAMER, Black Suit ransomware, Wordfence Evasion Malware

-APT reports on Turla and Lazarus

-New tools DonPAPI and BADUnboxing

-bpfconf 2024 talks ⌘ [Read more](https://mastodon.social/@campuscodi/112750390097812466) 2024-07-08T10:23:30Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-a-ransomware-attack-is-putting-lives-at-risk-across-south-africa/](https://news.risky.biz/risky-biz-news-a-ransomware-attack-is-putting-lives-at-risk-across-south-africa/)

Podcast: [https://risky.biz/RBNEWS305/](https://risky.biz/RBNEWS305/)

-A ransomware attack is putting lives at risk across South Africa

-Ransomware attack cripples Florida's Department of Health

-Ransomware hits Alabama State Department of Education

-OpenAI hid a security breach in 2023

 ... ⌘ [Read more](https://mastodon.social/@campuscodi/112750376449290934) 2024-07-08T20:48:19Z ****
Yes, I am one of the people who thinks ProPublica has no business covering cyber:

[https://mastodon.social/@campuscodi/112752825599309169](https://mastodon.social/@campuscodi/112752825599309169) ⌘ [Read more](https://mastodon.social/@campuscodi/112752833267348246) 2024-07-08T20:50:25Z ****
"Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024."

[https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/](https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/) ⌘ [Read more](https://mastodon.social/@campuscodi/112752841559668089) 2024-07-08T21:56:04Z ****
Suspected Adobe Reader zero-day: [https://x.com/EXPMON\_/status/1804642692594569452](https://x.com/EXPMON_/status/1804642692594569452)

Archived: [https://archive.ph/ZPay4](https://archive.ph/ZPay4)

Patch allegedly coming in August: [https://x.com/HaifeiLi/status/1810415670552649750](https://x.com/HaifeiLi/status/1810415670552649750) ⌘ [Read more](https://mastodon.social/@campuscodi/112753099726625322) 2024-07-08T22:25:33Z ****
CERT-PL has open-sourced MailGoose, a tool to allow server admins to check whether their SPF, DMARC, and DKIM configuration is set up correctly.

[https://cert.pl/en/posts/2024/07/mailgoose/](https://cert.pl/en/posts/2024/07/mailgoose/)

[https://github.com/CERT-Polska/mailgoose](https://github.com/CERT-Polska/mailgoose) ⌘ [Read more](https://mastodon.social/@campuscodi/112753215613866078) 2024-07-08T23:03:26Z ****
Russian security firm FACCT links the VasyGrek cybercrime crew to a Ukrainian named Andrey R from the city of Ternopil

Apparently Russian security firms can dox cybercrime crews... they just choose to look the other way when they're in their own backyard

[https://www.facct.ru/blog/vasygrek-and-mr-burns/](https://www.facct.ru/blog/vasygrek-and-mr-burns/) ⌘ [Read more](https://mastodon.social/@campuscodi/112753364606398656) 2024-07-08T23:23:37Z ****
ASD ACSC advisory on APT40

[https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/apt40-advisory-prc-mss-tradecraft-in-action](https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/apt40-advisory-prc-mss-tradecraft-in-action) ⌘ [Read more](https://mastodon.social/@campuscodi/112753443938600812) 2024-07-09T00:54:44Z ****
People invest way too much time and effort into Messi-v-Ronaldo discussions on Facebook in 2024.

You'd think this topic would have gotten boring after 18 years ⌘ [Read more](https://mastodon.social/@campuscodi/112753802243909558) 2024-07-09T01:14:58Z ****
Ghostscript RCE now exploited in the wild: [https://mastodon.social/@llimllib@hachyderm.io/112722578871268790](https://mastodon.social/@llimllib@hachyderm.io/112722578871268790) ⌘ [Read more](https://mastodon.social/@campuscodi/112753881776408170) 2024-07-09T01:34:19Z ****
This is extremely impractical advice ⌘ [Read more](https://mastodon.social/@campuscodi/112753957891550207) 2024-07-09T14:55:09Z ****
Authorities from the US, Canada, and the Netherlands say that Russian state-sponsored media organization RT and its affiliates have been abusing an AI tool named Meliorator to spread Kremlin propaganda on Twitter.

PDF: [https://www.ic3.gov/Media/News/2024/240709.pdf](https://www.ic3.gov/Media/News/2024/240709.pdf) ⌘ [Read more](https://mastodon.social/@campuscodi/112757106879314385) 2024-07-09T15:15:14Z ****
New Blast-RADIUS attack

"Blast-RADIUS is a protocol vulnerability, and thus affects all RADIUS implementations using non-EAP authentication methods over UDP."

[https://www.blastradius.fail/](https://www.blastradius.fail/) ⌘ [Read more](https://mastodon.social/@campuscodi/112757185889360656) 2024-07-09T16:25:33Z ****
The Justice Department has taken down this botnet, per a press release published a few minutes ago: [https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners](https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners) ⌘ [Read more](https://mastodon.social/@campuscodi/112757462382855949) 2024-07-09T21:14:35Z ****
Talks from the BSides San Francisco 2024 security conference, which took place in May, are now available on YouTube

[https://www.youtube.com/playlist?list=PLbZzXF2qC3RtlV2pwcvdbsCBc1Vb8kwVw](https://www.youtube.com/playlist?list=PLbZzXF2qC3RtlV2pwcvdbsCBc1Vb8kwVw) ⌘ [Read more](https://mastodon.social/@campuscodi/112758598894107906) 2024-07-09T21:14:09Z ****
Microsoft's Manuel Berrueta has open-sourced Flow Analyzer, a tool for helping in low level understanding and testing of OAuth 2.0 Grants/Flows.

[https://github.com/ManuelBerrueta/FlowAnalyzer](https://github.com/ManuelBerrueta/FlowAnalyzer) ⌘ [Read more](https://mastodon.social/@campuscodi/112758597220413582) 2024-07-10T08:29:26Z ****
Also:

-Houthi APT targets neighboring militaries

-Houthi APT targets human rights groups

-New DPRK npm malware

-New CloudSorcerer APT

-Five Eyes & friends call out China's APT40

-Malware report on Kematian-Stealer, SilverFox, Coyote

-Russian security firm doxes Ukrainian malware devs, ignores all the Russian malware devs

-Russia orders Apple to remove 25 VPN apps

-CNMF's slow death

-Firefox 128 is out

-A bunch of new infosec tools—MailGoose, Incidental, Atom Ducky, Flow Analyzer, View8 ⌘ [Read more](https://mastodon.social/@campuscodi/112761252535217910) 2024-07-10T08:24:44Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-us-takes-down-rts-twitter-bot-farm/](https://news.risky.biz/risky-biz-news-us-takes-down-rts-twitter-bot-farm/)

Podcast: [https://risky.biz/RBNEWS306/](https://risky.biz/RBNEWS306/)

-US takes down RT's Twitter bot farm

-Ukrainian APT hacked elevator PLCs

-Avast secretly developed a DoNeX ransomware decrypter months ago

-Adobe Reader zero-day patch coming in August

-Patch Tuesday is out

-2 Windows zero-days

-New Blast-RADIUS attack breaks RADIUS authentic ... ⌘ [Read more](https://mastodon.social/@campuscodi/112761234035860746) 2024-07-10T22:11:43Z ****
"The 2024 GOP platform looks to boost crypto, AI and Elon Musk."

LoooooL.... the US tech scene is so cooked! Grifters everywhere!

[https://s2.washingtonpost.com/camp-rw/?trackId=624610cbf03bc02e7d7af4cc&s=668e883f03b15602f64a019b&linknum=2&linktot=61](https://s2.washingtonpost.com/camp-rw/?trackId=624610cbf03bc02e7d7af4cc&s=668e883f03b15602f64a019b&linknum=2&linktot=61) ⌘ [Read more](https://mastodon.social/@campuscodi/112764485884252533) 2024-07-11T12:54:24Z ****
Cloud storage provider Snowflake is now letting tenants force MFA for all their users.

[https://www.snowflake.com/blog/snowflake-admins-enforce-mandatory-mfa/](https://www.snowflake.com/blog/snowflake-admins-enforce-mandatory-mfa/) ⌘ [Read more](https://mastodon.social/@campuscodi/112767956717881089) 2024-07-11T12:54:06Z ****
I just found out the Barcelona Olympics torch lighting ceremony was faked and my life won't be the same.

This is worse than the moon landing! ⌘ [Read more](https://mastodon.social/@campuscodi/112767955549920288) 2024-07-11T13:04:59Z ****
"Legal entities in the UK, often run by very young Russian individuals, are used to channel the necessary volatile digital resources to the constant creation of new providers that share a few common international upstreams. The technical infrastructure of Doppelganger is extensive, comprising of more than 300 network prefixes and 100k IP addresses with a market value of €5mil or a leasing cost of approx 50,000€/month." ⌘ [Read more](https://mastodon.social/@campuscodi/112767998308494703) 2024-07-11T13:04:08Z ****
A joint report between Correctiv and the Qurium Foundation exposes how the Doppelganger Russian disinformation group largely relies on companies from within the EU to spread their propaganda.

[https://correctiv.org/faktencheck/russische-desinformation/2024/07/11/doppelgaenger-wie-russland-eu-unternehmen-fuer-desinformation-und-propaganda-nutzt/](https://correctiv.org/faktencheck/russische-desinformation/2024/07/11/doppelgaenger-wie-russland-eu-unternehmen-fuer-desinformation-und-propaganda-nutzt/)

[https://www ... ⌘ [Read more](https://mastodon.social/@campuscodi/112767994963109659) 2024-07-11T16:47:25Z ****
The Cyber Threat Alliance has published its threat assessment for the upcoming Paris 2024 Olympic Games.

[https://www.cyberthreatalliance.org/cyber-threat-alliance-releases-2024-olympics-threat-assessment-report/](https://www.cyberthreatalliance.org/cyber-threat-alliance-releases-2024-olympics-threat-assessment-report/) ⌘ [Read more](https://mastodon.social/@campuscodi/112768872991128220) 2024-07-11T16:54:01Z ****
Cisco Talos researchers have found 15 vulnerabilities in Realtek rtl819x Jungle, an SDK used for the company's SOHO router firmware

[https://blog.talosintelligence.com/vulnerability-roundup-july-10-2024/](https://blog.talosintelligence.com/vulnerability-roundup-july-10-2024/) ⌘ [Read more](https://mastodon.social/@campuscodi/112768898956377613) 2024-07-11T16:53:19Z ****
Google says it's increasing the maximum reward in its VRP by five times to a maximum reward of $151,515

[https://bughunters.google.com/blog/5400513950908416/increasing-google-alphabet-vrp-rewards-up-to-151-515](https://bughunters.google.com/blog/5400513950908416/increasing-google-alphabet-vrp-rewards-up-to-151-515) ⌘ [Read more](https://mastodon.social/@campuscodi/112768896196379198) 2024-07-11T16:47:47Z ****
OALabs has published a report on the new ZharkBot malware loader

[https://research.openanalysis.net/zharkbot/rust/triage/2024/07/07/zharkbot.html](https://research.openanalysis.net/zharkbot/rust/triage/2024/07/07/zharkbot.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112768874393919871) 2024-07-11T17:09:58Z ****
Cloudflare says 6.8% of all the traffic it sees is malicious and needs to be mitigated

[https://blog.cloudflare.com/application-security-report-2024-update](https://blog.cloudflare.com/application-security-report-2024-update) ⌘ [Read more](https://mastodon.social/@campuscodi/112768961627974686) 2024-07-11T17:31:00Z ****
The Exim project has released a security patch to fix a major vulnerability in its email server.

Tracked as CVE-2024-39929, the vulnerability can allow threat actors to bypass Exim security filters and deliver malicious emails to users' inboxes.

[https://nvd.nist.gov/vuln/detail/CVE-2024-39929](https://nvd.nist.gov/vuln/detail/CVE-2024-39929) ⌘ [Read more](https://mastodon.social/@campuscodi/112769044328081700) 2024-07-11T17:30:18Z ****
Philippine authorities have detained four suspects believed to be members of the BLOODSEC hacking group

[http://nbi.gov.ph/press\_releases/2024/07102024/8597/](http://nbi.gov.ph/press_releases/2024/07102024/8597/) ⌘ [Read more](https://mastodon.social/@campuscodi/112769041595867581) 2024-07-11T19:17:07Z ****
Russia's internet watchdog has announced that all social media account owners with a following of more than 1,000 users must provide their real names to authorities

[https://tass.ru/obschestvo/21332093](https://tass.ru/obschestvo/21332093) ⌘ [Read more](https://mastodon.social/@campuscodi/112769461635827492) 2024-07-11T19:15:02Z ****
Local cybersecurity experts are encouraging the Indonesian government to establish a fourth military branch dedicated to cyber operations

[https://www.thedefensepost.com/2024/07/10/indonesia-military-branch-cyber/](https://www.thedefensepost.com/2024/07/10/indonesia-military-branch-cyber/) ⌘ [Read more](https://mastodon.social/@campuscodi/112769453408933542) 2024-07-11T19:49:57Z ****
Elastic's security team has published a technical report on a new Windows vulnerability class they're calling False File Immutability

"We will demonstrate how one such vulnerability in the Windows 11 kernel can be exploited to achieve arbitrary code execution with kernel privileges."

[https://www.elastic.co/security-labs/false-file-immutability](https://www.elastic.co/security-labs/false-file-immutability) ⌘ [Read more](https://mastodon.social/@campuscodi/112769590721677742) 2024-07-12T10:05:11Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-apple-warns-iphone-users-of-new-spyware-attacks/](https://news.risky.biz/risky-biz-news-apple-warns-iphone-users-of-new-spyware-attacks/)

Podcast: [https://risky.biz/RBNEWS307/](https://risky.biz/RBNEWS307/)

-Apple warns iPhone users of new spyware attacks

-BLOODSEC hackers detained in the Philippines

-South Africa agency lost $16.6mil in 10 years to hacks

-NATO to establish new cyber center

-MOVEit hacks fallout is gonna get super expensive

-Google adds ... ⌘ [Read more](https://mastodon.social/@campuscodi/112772953644903397) 2024-07-12T10:09:37Z ****
Plus:

-Huione Guarantee identified as big money laundering hub

-New CRYSTALRAY group

-Malware reports on ViperSoftX, ZharkBot, DarkGate, Hardbit ransomware 4.0, BianLian, Akira, and new Estate ransomware

-APT41's DodgeBox malware

-Doppelganger infrastructure exposed

-Microsoft zero-day abused for 18 months before discovery

-New Exim, Realtek, GitLab, and ServiceNow vulnerabilities

-New False File Immutability vuln class

-Google VRP antes up rewards

-SO-CON 2024 videos ⌘ [Read more](https://mastodon.social/@campuscodi/112772971069981393) 2024-07-13T21:29:50Z ****
Google is removing Entrust from Chrome in October.

Per Censys, they were the 22nd largest CA on the internet

[https://censys.com/google-entrust-internet/](https://censys.com/google-entrust-internet/) ⌘ [Read more](https://mastodon.social/@campuscodi/112781308088213457) 2024-07-14T01:11:40Z ****
Congratulations USA... apparently letting foreign info-ops run wild on your social networks under the guise of "free speech" has the results operators intended ⌘ [Read more](https://mastodon.social/@campuscodi/112782180388739196) 2024-07-14T01:18:25Z ****
A threat actor has stolen $1.8 million worth of crypto-assets from decentralized finance (DeFi) protocol Dough Finance

[https://cointelegraph.com/news/dough-finance-loses-1-8m-flash-loan-attack](https://cointelegraph.com/news/dough-finance-loses-1-8m-flash-loan-attack) ⌘ [Read more](https://mastodon.social/@campuscodi/112782206906714587) 2024-07-14T02:23:51Z ****
McAfee has published a report on a new social engineering campaign that uses tech support scam sites to encourage users to run malicious PowerShell commands on their PCs.

The commands are designed to download and install malware on targeted systems.

McAfee named this technique ClickFix because most of the tech support sites are advertising the PowerShell commands as a fix for various browser and PC issues.

[https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to- ... ⌘ [Read more](https://mastodon.social/@campuscodi/112782464243379260) 2024-07-14T11:14:33Z ****
SanSec says attacks using the CosmicSting bug have entered the phase of mass exploitation.

The company says it's seeing between three and five stores getting hacked every hour, including major brands.

The vulnerability was patched in early June and impacts roughly three-quarters of all Magento and Adobe Commerce stores.

SanSec describes CosmicSting (CVE-2024-34102) as the worst bug to hit Magento and Adobe Commerce stores in the past two years.

[https://sansec.io/research/cosmicsting-hitting-major-stores](ht ... ⌘ [Read more](https://mastodon.social/@campuscodi/112784550996863510) 2024-07-14T12:12:32Z ****
The Lazarus North Korean hacking group has stolen $2.2 million worth of assets from cryptocurrency service CoinStats.

The company says the hackers orchestrated a massive operation that breached multiple of its third-party service providers.

Lazarus then gained access to its servers and stole the private keys of 1,590 customer wallets.

The incident took place in mid-June, and CoinStats says it rebuilt its entire IT infrastructure after the attack.

[https://coinstats.app/blog/security-incident-report/](https:/ ... ⌘ [Read more](https://mastodon.social/@campuscodi/112784779046353093) 2024-07-14T13:55:23Z ****
Indictment of John Binns, the individual accused of hacking AT&T via its Snowflake account

The indictment is for his older T-Mobile hack

PDF: [https://thedesk.net/wp-content/uploads/2024/01/2023-01-09-T-Mobile-Hack-Indictment.pdf](https://thedesk.net/wp-content/uploads/2024/01/2023-01-09-T-Mobile-Hack-Indictment.pdf) ⌘ [Read more](https://mastodon.social/@campuscodi/112785183433941121) 2024-07-14T16:19:10Z ****
Is the Maine data breach notification website stuck on June 10 for everyone else or just me?

[https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml](https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml) ⌘ [Read more](https://mastodon.social/@campuscodi/112785748796755261) 2024-07-14T18:03:30Z ****
There's no way someone built something like this

[https://github.com/richiehowelll/cat-lock](https://github.com/richiehowelll/cat-lock) ⌘ [Read more](https://mastodon.social/@campuscodi/112786159084617148) 2024-07-14T18:24:16Z ****
Talks from the Open Confidential Computing 2024 security conference, which took place in March, are now available on YouTube

[https://www.youtube.com/playlist?list=PLEhAl3D5WVvQkacQjSrdmGPdX21ruGVSN](https://www.youtube.com/playlist?list=PLEhAl3D5WVvQkacQjSrdmGPdX21ruGVSN) ⌘ [Read more](https://mastodon.social/@campuscodi/112786240707360048) 2024-07-14T18:23:50Z ****
Security researcher Evan Ikeda has published details and a PoC for an SSRF vulnerability in the Havoc C2 server, a toolkit commonly used by threat actors to host malware command and control servers

[https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/](https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/) ⌘ [Read more](https://mastodon.social/@campuscodi/112786239004008969) 2024-07-14T18:40:28Z ****
Tomorrow's newsletter will focus on this incident and how this "issue" is a MAJOR DISASTER waiting to happen.

While only crypto sites have been targeted, imagine what happens if ransomware groups catch on to this.... and especially this item [see screenshot]

JFC! That's one hell of a loophole!

[https://mastodon.social/@GossiTheDog@cyberplace.social/112779210595042653](https://mastodon.social/@GossiTheDog@cyberplace.social/112779210595042653)

Screenshot source, PDF: [https://github.com/security-alliance/advis ... ⌘ [Read more](https://mastodon.social/@campuscodi/112786304462543506) 2024-07-14T19:43:42Z ****
Users/fans on Reddit and some gaming news outlets are now confirming that the supposed Disney 1.1TB leak is authentic.

The data allegedly comes from Disney's internal Slack channel.

Hacktivist group NullBulge leaked it in response to Disney's treatment of its writers and artists ⌘ [Read more](https://mastodon.social/@campuscodi/112786553101228687) 2024-07-14T23:02:50Z ****
Notice how they throw that employee/source under the bus... ⌘ [Read more](https://mastodon.social/@campuscodi/112787336103664389) 2024-07-15T09:17:56Z ****
Also:

-Google in talks to acquire Wiz for $23bil

-3-5 Magento sites getting hacked every 1h using new CosmicSting vulnerability

-New FishXProxy phishing kit

-ClickFix campaigns still active

-Massive malvertising campaign still underway

-New npm malware

-Malware reports on ShadowRoot, TangleBot, DarkGate, BraodoStealer

-EU encouraged to use sanctions against spyware makers

-PyPI dev leaked a token

-OC3 2024 videos ⌘ [Read more](https://mastodon.social/@campuscodi/112789754753320513) 2024-07-15T09:12:57Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-squarespace-dns-hijack-spree-hits-crypto-sites-everyone-else-watch-out/](https://news.risky.biz/risky-biz-news-squarespace-dns-hijack-spree-hits-crypto-sites-everyone-else-watch-out/)

Podcast: [https://risky.biz/RBNEWS308/](https://risky.biz/RBNEWS308/)

-Squarespace DNS hijack spree hits crypto sites

-AT&T discloses Snowflake hack

-Disney internal Slack channel hacked

-Russia plans to ban YouTube later this year

-Lazarus blamed for CoinStats hack

-CDK and ... ⌘ [Read more](https://mastodon.social/@campuscodi/112789735145904140) 2024-07-15T14:20:14Z ****
Never let a good crisis go to waste

Trump-appointed judge dismisses Trump's classified documents case, one of the clearest cases of a crime in history

[https://edition.cnn.com/2024/07/15/politics/classified-documents-case-trump-dismissed-aileen-cannon/index.html](https://edition.cnn.com/2024/07/15/politics/classified-documents-case-trump-dismissed-aileen-cannon/index.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112790943493022983) 2024-07-16T09:47:44Z ****
So apparently there was a fifth crypto-service that got hit by the Squarespace DNS hijacks who never disclosed the incident.

I looked at their site and social media sites to discover I actually blocked them on Twitter for spamming my tweets.

Yeah... looks like a legit business indeed! Much transparent, much trustworthy! ![:thinkerguns:](https://files.mastodon.social/custom_emojis/images/000/010/444/original/ad0f730111fcec86.png) ⌘ [Read more](https://mastodon.social/@campuscodi/112795534279850036) 2024-07-16T17:54:02Z ****
Come commit genocide and die on behalf of your corrupt government... or else:

[https://mastodon.social/@kevinrothrock@infosec.exchange/112797391816834739](https://mastodon.social/@kevinrothrock@infosec.exchange/112797391816834739) ⌘ [Read more](https://mastodon.social/@campuscodi/112797446439177264) 2024-07-16T17:56:10Z ****
CISA says threat actors are exploiting a recently patched vulnerability in GeoServer installations.

[https://www.cisa.gov/news-events/alerts/2024/07/15/cisa-adds-one-known-exploited-vulnerability-catalog](https://www.cisa.gov/news-events/alerts/2024/07/15/cisa-adds-one-known-exploited-vulnerability-catalog)

The attacks are exploiting one of two remote code execution bugs the GeoServer team patched at the start of the month.

Attacks began a week after proof-of-concept code was publicly shared on GitHub.

[http ... ⌘ [Read more](https://mastodon.social/@campuscodi/112797454836766160) 2024-07-16T17:55:24Z ****
Vulnerability disclosure platform SSD has accused Sonicwall of secretly patching a major security flaw in its SMA100 security appliances

[https://ssd-disclosure.com/ssd-advisory-sonicwall-sma100-stored-xss-to-rce/](https://ssd-disclosure.com/ssd-advisory-sonicwall-sma100-stored-xss-to-rce/) ⌘ [Read more](https://mastodon.social/@campuscodi/112797451857356590) 2024-07-17T07:58:56Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-konfety-gang-creates-an-alternate-reality-for-its-mobile-ad-fraud/](https://news.risky.biz/risky-biz-news-konfety-gang-creates-an-alternate-reality-for-its-mobile-ad-fraud/)

Podcast: [https://risky.biz/RBNEWS309/](https://risky.biz/RBNEWS309/)

-Kaspersky winds down US business

-Ukraine detains fraud group stealing from dead soldiers

-SSD accuses Sonicwall of hiding a security flaw

-Konfety gang creates an alternate reality for its mobile ad fraud

-LIFI hac ... ⌘ [Read more](https://mastodon.social/@campuscodi/112800768746269139) 2024-07-17T08:02:33Z ****
Plus:

-GeoServer and Apache HugeGraph servers exploited in the wild

-SharePoint RCE POCs published online

-Minterest hacked for $1.4 million

-Ukraine's GUR defaces 100+ Russian sites

-Russia formally threatens YouTube

-SEXi ransomware rebrands as APT INC

-DDoS attacks targeting Romania on the rise

-Malware reports on Killer Ultra and BadPack

-Lazarus money laundering linked to Huione platform

-APT reports on TAG-100, VoidBanshee, MirrorFace, Doppelganger, MuddyWater ⌘ [Read more](https://mastodon.social/@campuscodi/112800782944292368) 2024-07-17T14:43:24Z ****
This is why I've always supported a TikTok ban.

Every time anyone has done any kind of study, this site has pushed right-wing propaganda on clean, newly registered accounts within minutes of being created.

Never trust anything from an autocratic regime.

[https://mastodon.social/@arstechnica/112802050090902629](https://mastodon.social/@arstechnica/112802050090902629) ⌘ [Read more](https://mastodon.social/@campuscodi/112802359160888428) 2024-07-17T15:57:07Z ****
Cryptocurrency phishing platform Angel Drainer has shut down operations hours after a security firm claimed to have identified its members

[https://cointelegraph.com/news/angel-drainer-reportedly-shuts-down-after-devs-identified](https://cointelegraph.com/news/angel-drainer-reportedly-shuts-down-after-devs-identified)

A brief analysis of Angel Drainer:

[https://muellerberndt.medium.com/a-brief-analysis-of-angel-drainer-1660d15c9248](https://muellerberndt.medium.com/a-brief-analysis-of-angel-drainer-1660d15c92 ... ⌘ [Read more](https://mastodon.social/@campuscodi/112802649043920990) 2024-07-17T16:06:06Z ****
TrickBot member detained in Moscow at Interpol's request

[https://x.com/shakirov2036/status/1813529247090421903](https://x.com/shakirov2036/status/1813529247090421903) ⌘ [Read more](https://mastodon.social/@campuscodi/112802684382936636) 2024-07-18T02:32:58Z ****
Malicious Python Packages Reveal Extensive Cybercriminal Operation Based in Iraq

[https://checkmarx.com/blog/malicious-python-packages-reveal-extensive-cybercriminal-operation-based-in-iraq/](https://checkmarx.com/blog/malicious-python-packages-reveal-extensive-cybercriminal-operation-based-in-iraq/) ⌘ [Read more](https://mastodon.social/@campuscodi/112805149308981045) 2024-07-18T09:39:46Z ****
Despite months-long negotiations, member states have not made any meaningful changes to the upcoming UN Cybercrime Convention, which still grants countries expanded surveillance powers with no human rights and privacy safeguards.

[https://www.eff.org/deeplinks/2024/07/un-cybercrime-draft-convention-dangerously-expands-state-surveillance-powers](https://www.eff.org/deeplinks/2024/07/un-cybercrime-draft-convention-dangerously-expands-state-surveillance-powers) ⌘ [Read more](https://mastodon.social/@campuscodi/112806827580951015) 2024-07-18T10:04:24Z ****
One of the world's largest boat and yacht retailers is notifying customers of a security breach.

MarineMax says a ransomware gang gained access to its systems in March and stole the personal details of more than 123,000 customers.

The breach is extremely sensitive as it contains details on individuals with considerable financial resources, who are typically the prime targets for extortion and threats.

[https://www.bleepingcomputer.com/news/security/yacht-giant-marinemax-data-breach-impacts-over-123-000-people ... ⌘ [Read more](https://mastodon.social/@campuscodi/112806924411830320) 2024-07-18T10:19:30Z ****
"Indian crypto exchange WazirX on Thursday confirmed it had suffered a security breach after about $230 million in assets were “suspiciously transferred” out of the platform earlier in the day." (via [@refsrc](https://mastodon.social/@refsrc))

[https://techcrunch.com/2024/07/18/indias-wazirx-confirms-security-breach-after-230-million-suspicious-transfer/](https://techcrunch.com/2024/07/18/indias-wazirx-confirms-security-breach-after-230-million-suspicious-transfer/) ⌘ [Read more](https://mastodon.social/@campuscodi/112806983815269779) 2024-07-18T11:37:14Z ****
I'll never understand news outlets that don't have an RSS feed

I just can't... ![:sadness:](https://files.mastodon.social/custom_emojis/images/000/158/747/original/2345f0283e1323f2.png) ⌘ [Read more](https://mastodon.social/@campuscodi/112807289463153139) 2024-07-18T11:34:31Z ****
Ukrainian authorities have detained the members of a cybercrime crew that stole funds from local businesses after infecting them with malware.

The group is believed to have stolen almost $150,000 from hacks carried out this year.

Authorities detained two suspects this week on hacking and kidnapping charges.

Ukraine's Cyber Police says the duo kidnapped their own accomplice in an attempt to appropriate his share of the earnings.

[https://cyberpolice.gov.ua/news/pryvlasnyly-ponad--mln-grn-z-raxunkiv-pidpryyems ... ⌘ [Read more](https://mastodon.social/@campuscodi/112807278768959831) 2024-07-18T12:58:13Z ****
[@ESETresearch](https://infosec.exchange/@ESETresearch) finds new Chrome badness

[https://threadreaderapp.com/thread/1813871195823181918.html](https://threadreaderapp.com/thread/1813871195823181918.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112807607880324554) 2024-07-18T14:14:07Z ****
CitizenLab has discovered a new attack named Port Shadow that can allow threat actors to launch machine-in-the-middle attacks on VPN connections.

The attack involves sending specially crafted packets to VPN servers.

The packets exploit the server's connection tracking feature to redirect other users' traffic through the attacker's infrastructure.

CitizenLab says the vulnerability affects OpenVPN, WireGuard, and OpenConnect servers running on Linux or FreeBSD.

[https://citizenlab.ca/2024/07/vulnerabilities-in ... ⌘ [Read more](https://mastodon.social/@campuscodi/112807906374428831) 2024-07-18T14:13:35Z ****
Wiz security researchers have uncovered a suite of vulnerabilities in SAP's AI Core that can allow malicious actors to take over the service and access customer data.

Wiz says the vulnerabilities could have also been used to contaminate AI artefacts and even to spread to related customer services.

The vulnerabilities are collectively known as SAPwned and were fixed throughout the year.

[https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security](https://www.wiz.io/blog/sapwned-sap-ai-vuln ... ⌘ [Read more](https://mastodon.social/@campuscodi/112807904226226896) 2024-07-18T14:33:57Z ****
Cado Security has discovered threat actors abusing Cloudflare's WARP service to launch scanning and reconnaissance attacks.

Cado says the attacks are leveraging a common misconfiguration where system administrators are allowlisting all of Cloudflare's IP ranges instead of just those specific to a given service.

The company says it has observed crypto-mining and SSH brute-force groups use this technique to bypass Cloudflare security defenses.

[https://www.cadosecurity.com/news-and-events/warpscan-cloudflare-war ... ⌘ [Read more](https://mastodon.social/@campuscodi/112807984299398814) 2024-07-18T15:13:17Z ****
Talks from the BlueHat IL 2024 security conference, which took place in May, are now available on YouTube

[https://www.youtube.com/watch?v=KhdzIPPW4W0](https://www.youtube.com/watch?v=KhdzIPPW4W0) ⌘ [Read more](https://mastodon.social/@campuscodi/112808139019513242) 2024-07-18T15:10:20Z ****
European hosting companies Hetzner and Hostinger suspended accounts linked to Russian disinformation group Doppelganger.

The web hosting accounts were exposed in a joint report last week by Correctiv and the Qurium Foundation.

The suspension has impacted around 35% of the group's web hosting infrastructure.

[https://correctiv.org/aktuelles/russland-ukraine-2/2024/07/18/nach-correctiv-recherche-russische-propaganda-kampagne-geraet-ins-stocken/](https://correctiv.org/aktuelles/russland-ukraine-2/2024/07/18/nach ... ⌘ [Read more](https://mastodon.social/@campuscodi/112808127425837996) 2024-07-18T16:14:00Z ****
The Ukrainian government says that a threat actor known as UAC-0180 has been targeting local defense enterprises with spear-phishing emails using the topic of UAV purchases as lures.

[https://cip.gov.ua/en/news/kiberzlochinci-vikoristovuyut-tematiku-zakupivel-bpla-dlya-atak-na-oboronni-pidpriyemstva](https://cip.gov.ua/en/news/kiberzlochinci-vikoristovuyut-tematiku-zakupivel-bpla-dlya-atak-na-oboronni-pidpriyemstva) ⌘ [Read more](https://mastodon.social/@campuscodi/112808377727558106) 2024-07-18T16:12:59Z ****
Blockchain identity platform Fractal ID suffered a data breach on July 14.

The company says that a threat actor gained access to an employee account and ran an API script that collected personal data from customer accounts.

At least four crypto platforms (Gnosis Pay, Polygon, Ripple, and NEAR) have confirmed that their users were impacted.

PDF: [https://app.fractal.id/documents/id/breach-notification.pdf](https://app.fractal.id/documents/id/breach-notification.pdf) ⌘ [Read more](https://mastodon.social/@campuscodi/112808373741240127) 2024-07-18T16:49:41Z ****
A new report claims that Google appears to have switched to a no-index default policy and is refusing to crawl new content unless it deems it necessary

[https://www.vincentschmalbach.com/google-now-defaults-to-not-indexing-your-content/](https://www.vincentschmalbach.com/google-now-defaults-to-not-indexing-your-content/) ⌘ [Read more](https://mastodon.social/@campuscodi/112808518053311559) 2024-07-18T17:06:38Z ****
Orange CERT has discovered a previously known traffic-distribution system (TDS) used to redirect traffic from hacked sites to affiliate marketing scams.

Orange says the TDS, named R0BL0CH0N, has impacted more than 110 million Internet users.

[https://www.orangecyberdefense.com/global/blog/cert-news/r0bl0ch0n-tds-a-deep-dive-into-the-infrastructure-of-an-affiliate-marketing-scam](https://www.orangecyberdefense.com/global/blog/cert-news/r0bl0ch0n-tds-a-deep-dive-into-the-infrastructure-of-an-affiliate-marketing-s ... ⌘ [Read more](https://mastodon.social/@campuscodi/112808584686355115) 2024-07-18T18:18:55Z ****
"Over the last few years, our consumer-focused Pwn2Own event took place in the Trend Micro office in Toronto. However, that office closed, so we needed to find a new home. This isn’t unusual for this event, as it moved from Amsterdam to Tokyo to Austin to Toronto. We’re moving again. This year, we are heading to our offices in Cork, Ireland!"

[https://www.zerodayinitiative.com/blog/2024/7/16/announcing-pwn2own-ireland-2024](https://www.zerodayinitiative.com/blog/2024/7/16/announcing-pwn2own-ireland-2024) ⌘ [Read more](https://mastodon.social/@campuscodi/112808868950351283) 2024-07-18T19:25:02Z ****
Hackney ransomware attack initial access

RDP on the kiosk/kiosk account 🤦‍♂️

Source: [https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/07/london-borough-of-hackney-reprimanded-following-cyber-attack/](https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/07/london-borough-of-hackney-reprimanded-following-cyber-attack/)

cc: [@GossiTheDog](https://cyberplace.social/@GossiTheDog) ⌘ [Read more](https://mastodon.social/@campuscodi/112809128939528194) 2024-07-18T19:49:58Z ****
Chengdu 404, one of the APT41 contractors, is in the middle of a hiring spree

No news on i-SOON ![:sadness:](https://files.mastodon.social/custom_emojis/images/000/158/747/original/2345f0283e1323f2.png)

[https://www.intelligenceonline.com/surveillance--interception/2024/07/18/chengdu-404-s-hiring-spree-siren-at-nypd-raid-buys-chinese-drones,110269612-art](https://www.intelligenceonline.com/surveillance--interception/2024/07/18/chengdu-404-s-hiring-spree-siren-at-nypd-raid-buys-chinese-drones,110269612-art)

In ... ⌘ [Read more](https://mastodon.social/@campuscodi/112809226936510061) 2024-07-18T23:12:23Z ****
Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group

-Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 21, a Russian national of Chechen Republic, Russia

-Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario

[https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group](https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group) ⌘ [Read more](https://mastodon.social/@campuscodi/112810022866768527) 2024-07-19T08:33:26Z ****
wtf Crowdstrike... my gym ID scanner is down... get your s\*\*t together ⌘ [Read more](https://mastodon.social/@campuscodi/112812229058367524) 2024-07-19T08:41:29Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-trickbot-dev-arrested-in-moscow/](https://news.risky.biz/risky-biz-news-trickbot-dev-arrested-in-moscow/)

Podcast: [https://risky.biz/RBNEWS310/](https://risky.biz/RBNEWS310/)

-Trickbot dev arrested in Moscow

-Indian crypto exchange hacked for $235mil

-Judge dismisses most of SolarWinds SEC lawsuit

-UK wants mandatory ransomware reporting

-new Port Shadow attack on VPNs

-Fractal ID breach impacts cryptoland

-300+ fraud suspects detained

-AstroStress adm ... ⌘ [Read more](https://mastodon.social/@campuscodi/112812260692721332) 2024-07-19T08:45:10Z ****
Plus:

-SocGholish BOINC campaign

-New R0BL0CH0N TDS

-Cloudflare WARP abuse

-FIN7 behind AvNeutralizer tool

-Doppelganger infrastructure taken down

-APT reports on Kimsuky, Patchwork, UAC-0180, Ghost Emperor, APT17, APT41

-Security updates from Oracle, Cisco, Ivanti, Atlassian, Sonicwall

-Two Cisco bugs are just... something else

-SAPwned vulnerability impacts AI systems

-Traffic lights vulnerabilities

-Pwn2Own Toronto moves to Cork, Ireland

-x33fcon and BlueHat IL videos ⌘ [Read more](https://mastodon.social/@campuscodi/112812275155357505) 2024-07-19T15:43:36Z ****
The CrowdStrike outage is also impacting the Mercedes F1 team they're sponsoring... who are in the middle of the Hungarian GP right now ![:KEKW:](https://files.mastodon.social/custom_emojis/images/000/275/356/original/bc4b4fc774be017c.png)

[https://www.youtube.com/watch?v=qm735NyExZQ](https://www.youtube.com/watch?v=qm735NyExZQ) ⌘ [Read more](https://mastodon.social/@campuscodi/112813920487686936) 2024-07-19T16:58:03Z ****
What MSM is focusing on after the CrowdStrike outage:

Automatic updates are bad!

...le sigh! ![:jennpls:](https://files.mastodon.social/custom_emojis/images/000/033/119/original/jennpls.png)![:pensive_party_blob:](https://files.mastodon.social/custom_emojis/images/000/086/980/original/31fd04ff8be27277.png) ⌘ [Read more](https://mastodon.social/@campuscodi/112814213263865559) 2024-07-19T18:40:11Z ****
I wonder how many customers CrowdStrike is gonna lose. Cause I'm already seeing a few people saying they're removing it for good ⌘ [Read more](https://mastodon.social/@campuscodi/112814614869637452) 2024-07-21T12:42:25Z ****
Mandiant's Dan Kelly has published a Twitter post about how one member of a Chinese APT hacked dozens of MMORPG gaming companies.

Kelly says the individual appears to have been running a secret game cheating service that used his access to the gaming company's database to increase in-game currency for users—some of which were Twitch and YouTube streamers.

[https://x.com/int0x00/status/1813937234640617964](https://x.com/int0x00/status/1813937234640617964) ⌘ [Read more](https://mastodon.social/@campuscodi/112824532711756629) 2024-07-22T05:39:53Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-crowdstrike-faulty-update-affects-8-5-million-windows-systems/](https://news.risky.biz/risky-biz-news-crowdstrike-faulty-update-affects-8-5-million-windows-systems/)

Podcast: [https://risky.biz/RBNEWS311/](https://risky.biz/RBNEWS311/)

-CrowdStrike faulty update affects 8.5 million Windows systems

-US sanctions two Russian hacktivists (Cyber Army of Russia Reborn)

-Spain detains three NoName057 members

-MGM hacking suspect detained in the UK

-Two LockBit me ... ⌘ [Read more](https://mastodon.social/@campuscodi/112828533516997747) 2024-07-22T05:43:38Z ****
Plus:

-ICANN warns .TOP TLD to handle abuse complaints

-Chunghwa Telecom CA incidents

-Apple previews Safari Private Browsing 2.0

-Tech companies form the Coalition for Secure AI

-Hellenic Cadastre hacked

-Google to retire goo[.]gl service next year

-DDoS booter admin sentenced to 21 months

-New Revolver Rabbit group

-Play ransomware write-up

-New TikTok info-ops takedowns

-Chinese APT member had a side-hustle selling MMORPG cheats

-1Panel zero-day gets a fix

-SummerCon and SteelCon streams ⌘ [Read more](https://mastodon.social/@campuscodi/112828548269309079) 2024-07-24T10:04:42Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-new-russian-ics-malware-cuts-heat-to-600-ukrainian-apartment-buildings/](https://news.risky.biz/risky-biz-news-new-russian-ics-malware-cuts-heat-to-600-ukrainian-apartment-buildings/)

Podcast: [https://risky.biz/RBNEWS312/](https://risky.biz/RBNEWS312/)

-New Russian ICS malware cuts heat to 600 Ukrainian apartment buildings

-Telegram fixes zero-day

-Ofcom to look at telco Global Titles

-FCC to investigate "surveillance pricing"

-Google will not deprecate t ... ⌘ [Read more](https://mastodon.social/@campuscodi/112840899486256376) 2024-07-24T10:10:54Z ****
Plus:

-New Vigorish Viper group

-KnowBe4 hired a fake DPRK IT worker

-LA court reeling from ransomware attack

-Israeli newspaper Globes reports massive cyberattack

-Red Art Games got hacked

-CrowdStrike says it developed new recovery technique

-Oracle reaches $115mil privacy lawsuit settlement

-7777-Botnet linked to BEC gang

-Indian company behind Fake-DMCA-takedowns-as-a-service

-APT28 behind Rejetto server attacks

-Wiz leaves Google deal

-Google open-sources Altitude

-BIND security updates ⌘ [Read more](https://mastodon.social/@campuscodi/112840923807956989) 2024-07-25T13:56:32Z ****
EvolvedAim, a cheat tool for Escape from Tarkov, was caught installing malware on its users' devices.

Final payload was an infostealer. Estimated number of victims is around 1K.

[https://www.cyberark.com/resources/threat-research-blog/double-dipping-cheat-developer-gets-caught-red-handed](https://www.cyberark.com/resources/threat-research-blog/double-dipping-cheat-developer-gets-caught-red-handed) ⌘ [Read more](https://mastodon.social/@campuscodi/112847473366163862) 2024-07-25T15:59:20Z ****
French authorities take down PlugX botnet

[https://www.linkedin.com/posts/parquet-de-paris\_communiqu%C3%A9-de-presse-plugx-activity-7222119504518987778-LRCi/](https://www.linkedin.com/posts/parquet-de-paris_communiqu%C3%A9-de-presse-plugx-activity-7222119504518987778-LRCi/) ⌘ [Read more](https://mastodon.social/@campuscodi/112847956216759258) 2024-07-25T16:28:56Z ****
US offers $10 mil reward for Andariel APT member identified as Rim Jong Hyok

[https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-north-korean-malicious-cyber-actor-targeting-u-s-critical-infrastructure/](https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-north-korean-malicious-cyber-actor-targeting-u-s-critical-infrastructure/) ⌘ [Read more](https://mastodon.social/@campuscodi/112848072635305357) 2024-07-25T16:31:59Z ****
Reward comes as both CISA and Google/Mandiant have published reports on the group (Andariel=APT45) today:

[https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a)

[https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine](https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine)

Don't see any sanctions or DOJ indictment yet. ⌘ [Read more](https://mastodon.social/@campuscodi/112848084656445596) 2024-07-25T16:44:25Z ****
According to an FBI Cyber Most Wanted page, he appears to have been charged in Kansas

[https://www.fbi.gov/wanted/cyber/rim-jong-hyok](https://www.fbi.gov/wanted/cyber/rim-jong-hyok) ⌘ [Read more](https://mastodon.social/@campuscodi/112848133544869249) 2024-07-25T19:08:46Z ****
"Recently, two ex-spy chiefs from the German foreign intelligence agency (BND) rang the alarm in a prominent German news outlet. They argued that the German intelligence community was being reduced to ‘toothless watchdogs’ because of ‘an excess of oversight’ and that ‘policies and courts must no longer denigrate intelligence services as a threat to the rights of German citizens’."

[https://bindinghook.com/articles-binding-edge/can-lawyers-lose-wars-by-stifling-cyber-capabilities/](https://bindinghook.com/articl ... ⌘ [Read more](https://mastodon.social/@campuscodi/112848701135556921) 2024-07-26T06:15:24Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-new-dns-attack-impacts-a-quarter-of-all-open-dns-resolvers/](https://news.risky.biz/risky-biz-news-new-dns-attack-impacts-a-quarter-of-all-open-dns-resolvers/)

Podcast: [https://risky.biz/RBNEWS313/](https://risky.biz/RBNEWS313/)

-New DNS attack impacts a quarter of all open DNS resolvers

-EU MP targeted with Candiru spyware;

-Meta suspends Nigerian scammer accounts;

-US charges Andariel member for ransomware attacks

-Israel govt covers NSO in lawsuit

-Te ... ⌘ [Read more](https://mastodon.social/@campuscodi/112851322434799738) 2024-07-26T06:20:35Z ****
Plus:

-Leidos, big US govt IT contractor, gets hacked

-Z-Library copycat leaks user data

-India's BSNL has a breach

-Spytech spyware vendor gets hacked, data leaked

-MonoSwap crypto platform gets hacked

-CrowdStrike blames outage on content validator bug

-A buggy Windows Update is sending systems to LockBit recovery boots

-Proton launches crypto-wallet

-Chrome 127 is out with cookie protection

-Chrome also adds warning for password-protected archives

-Switzerland govt goes FOSS ⌘ [Read more](https://mastodon.social/@campuscodi/112851342818328696) 2024-07-26T06:24:26Z ****
And:

-French authorities take down PlugX botnet, disinfect victims

-New Cronus ransomware

-EvolvedAim Tarkov cheat delivers malware

-Stargazer Goblin group spams GitHub via 3K accounts

-BlackMeta hacktivist group is Anonymous Sudan alternative persona

-Malware reports on SocGholish, BruteRatel, Flame Stealer

-NVIDIA+Telerik release sec fixes

-Docker AuthZ auth bypass goes unpatched 6 years

-New CFOR vulnerability class

-ConfusedFunction vulnerability in GCP

-Pwnie Awards 2024 nominations are out ⌘ [Read more](https://mastodon.social/@campuscodi/112851357927551049) 2024-07-26T15:37:06Z ****
Happy one-week anniversary, CrowdStrike customers! ⌘ [Read more](https://mastodon.social/@campuscodi/112853531156328638) 2024-07-28T12:16:55Z ****
I could not find any second source for this. Nobody in Russia seems to be complaining about ATMs being down.

Does anyone else with a better view have any clues/evidence that this actually took place?

[https://www.kyivpost.com/post/36471](https://www.kyivpost.com/post/36471) ⌘ [Read more](https://mastodon.social/@campuscodi/112864068630480715) 2024-07-30T14:56:31Z ****
Some "funny" from tomorrow's edition ⌘ [Read more](https://mastodon.social/@campuscodi/112876020794576940) 2024-07-30T17:39:01Z ****
"Today we’re announcing the public preview of Auxiliary Logs, a new inexpensive Azure Monitor plan for verbose logs used in compliance and security scenarios."

👀 👀 👀 👀

[https://techcommunity.microsoft.com/t5/azure-observability-blog/azure-monitor-logs-next-evolution-multi-tier-logging/ba-p/4200871](https://techcommunity.microsoft.com/t5/azure-observability-blog/azure-monitor-logs-next-evolution-multi-tier-logging/ba-p/4200871) ⌘ [Read more](https://mastodon.social/@campuscodi/112876659743237235) 2024-07-31T06:11:25Z ****
This week's weekly Risky Business podcast makes its YouTube debut:

[https://www.youtube.com/watch?v=mu9xJ2mHayU](https://www.youtube.com/watch?v=mu9xJ2mHayU) ⌘ [Read more](https://mastodon.social/@campuscodi/112879618304395155) 2024-07-31T23:57:35Z ****
I'll 100% break it!

Trust me. I have a pile of them ⌘ [Read more](https://mastodon.social/@campuscodi/112883810673655707) 2024-08-01T13:26:20Z ****
Microsoft has launched the MSRC Researcher Resource Center, a portal hosting educational content for security researchers

[https://msrc.microsoft.com/blog/2024/07/introducing-the-msrc-researcher-resource-center/](https://msrc.microsoft.com/blog/2024/07/introducing-the-msrc-researcher-resource-center/)

[https://www.microsoft.com/msrc/msrc-researcher-resource-center](https://www.microsoft.com/msrc/msrc-researcher-resource-center) ⌘ [Read more](https://mastodon.social/@campuscodi/112886990780728366) 2024-08-04T12:18:19Z ****
I love Vivaldi so much. I love using that browser.

I just wish it wasn't Chrome-based and ad blockers actually worked properly on it.

![:sadness:](https://files.mastodon.social/custom_emojis/images/000/158/747/original/2345f0283e1323f2.png)![:sadness:](https://files.mastodon.social/custom_emojis/images/000/158/747/original/2345f0283e1323f2.png)![:sadness:](https://files.mastodon.social/custom_emojis/images/000/158/747/original/2345f0283e1323f2.png)![:sadness:](https://files.mastodon.social/custom_emojis/images ... ⌘ [Read more](https://mastodon.social/@campuscodi/112903710309444007) 2024-08-04T14:10:52Z ****
This ([https://mastodon.social/@xarph@rusty.cat/112883189560691757](https://mastodon.social/@xarph@rusty.cat/112883189560691757)) was covered in Friday's edition here:

[https://news.risky.biz/risky-biz-news-sparks-fly-when-lawyers-meet-a-certificate-revocation/](https://news.risky.biz/risky-biz-news-sparks-fly-when-lawyers-meet-a-certificate-revocation/)

I'm really bad at promoting the newsletter as of late :D

But thank you [@XaranDeBruregor](https://masto.bike/@XaranDeBruregor) for the tip-off! ⌘ [Read more](https://mastodon.social/@campuscodi/112904152874098356) 2024-08-04T15:14:44Z ****
The Elementor WordPress plugin is now used by a quarter of all WP sites, making it a bigger attack surface than WooCommerce.

It's also a highly-complex plugin (a GUI-based website builder), which means there's lots of bugs to be discovered and exploited in it

[#threatIntelTips](https://mastodon.social/tags/threatIntelTips)

[https://w3techs.com/technologies/history\_details/cm-wordpress](https://w3techs.com/technologies/history_details/cm-wordpress) ⌘ [Read more](https://mastodon.social/@campuscodi/112904403944509631) 2024-08-05T19:42:05Z ****
It's 2024 and there still are conspiracy theories about Ayrton Senna being murdered

Chill YouTube ⌘ [Read more](https://mastodon.social/@campuscodi/112911117517918933) 2024-08-05T21:06:23Z ****
The Acronis security team has discovered a new ransomware strain being delivered in campaigns in the wild.

Named Zola, the ransomware was first spotted in May and appears to be a rebrand of the older Proton ransomware.

[https://www.acronis.com/en-us/cyber-protection-center/posts/zola-ransomware-the-many-faces-of-the-proton-family/](https://www.acronis.com/en-us/cyber-protection-center/posts/zola-ransomware-the-many-faces-of-the-proton-family/) ⌘ [Read more](https://mastodon.social/@campuscodi/112911449053563660) 2024-08-06T09:56:34Z ****
Talks from the t2 2024 security conference, which took place in April, are now available on YouTube

[https://www.youtube.com/@t2infosec934/videos](https://www.youtube.com/@t2infosec934/videos)

This was the conference's last edition. ![:sadness:](https://files.mastodon.social/custom_emojis/images/000/158/747/original/2345f0283e1323f2.png) ⌘ [Read more](https://mastodon.social/@campuscodi/112914477525035274) 2024-08-06T09:55:37Z ****
Live streams from the BSides Las Vegas 2024 security conference will be available on this YouTube page as they happen

[https://www.youtube.com/@BsideslvOrg/streams](https://www.youtube.com/@BsideslvOrg/streams) ⌘ [Read more](https://mastodon.social/@campuscodi/112914473757192963) 2024-08-06T11:26:01Z ****
Now, the actual question:

Why would the site's owner do this? ⌘ [Read more](https://mastodon.social/@campuscodi/112914829227807981) 2024-08-06T11:25:02Z ****
HotNews[.]ro, one of the largest and most popular news sites in Romania, has been flooded with pro-Russian troll comments for the past two years.

Those comments were usually downvoted and auto-collapsed by other users' votes, who obviously knew what was happening.

The site recently redesigned its comments system to remove the ability to downvote comments and the entire user comments section is just Putin praisers and stupid unrelated anti-EU and "woke liberals" type of comments now ⌘ [Read more](https://mastodon.social/@campuscodi/112914825409038997) 2024-08-06T13:13:32Z ****
Infostealer logs are becoming just as big of a threat for threat actor OPSEC as they are for the rest of us and I love it!

Dox and catch as many as possible.

[https://www.linkedin.com/feed/update/urn:li:activity:7224688739946500097/](https://www.linkedin.com/feed/update/urn:li:activity:7224688739946500097/) ⌘ [Read more](https://mastodon.social/@campuscodi/112915252040825164) 2024-08-06T18:24:33Z ****
That Axios CEO internal memo is something else.

"Other outlets are poaching our reporters... so that's why we're firing them first" ⌘ [Read more](https://mastodon.social/@campuscodi/112916474981475317) 2024-08-07T18:16:34Z ****
The German cybersecurity agency has published a guide for safely configuring LibreOffice.

[https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Sicherheit\_LibreOffice\_240807.html](https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Sicherheit_LibreOffice_240807.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112922105888154570) 2024-08-07T18:36:51Z ****
According to two reports, Google has allegedly sent an email to some customers to notify them that the company is legally bound to provide some of their confidential data to the US government in the case of investigations.

I honestly thought everyone already knew this, but nice from Google to notify users of it.

[https://targettrend.com/google-says-it-is-obligated-to-disclose-confidential-information-of-users-to-u-s-government/](https://targettrend.com/google-says-it-is-obligated-to-disclose-confidential-infor ... ⌘ [Read more](https://mastodon.social/@campuscodi/112922185673881175) 2024-08-07T20:19:45Z ****
The Global Cyber Alliance has launched the Threat Taming Tools Collection (T3C), an extensive compilation of 300 resources tailored for cybersecurity professionals, researchers, and organizations.

[https://docs.google.com/spreadsheets/u/1/d/1H9\_xaxQHpWaa4O\_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml](https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml) ⌘ [Read more](https://mastodon.social/@campuscodi/112922590264117906) 2024-08-08T08:51:33Z ****
Criminal duo flee Russia and Kazakhstan, seek asylum in US, of all places, get arrested and charged for said crimes

The definition of "shit for brains" right here.

Later edit: Both men were the admins of WWH Club, an underground cybercrime forum.

[https://www.courtwatch.news/p/exclusive-massive-criminal-online](https://www.courtwatch.news/p/exclusive-massive-criminal-online) ⌘ [Read more](https://mastodon.social/@campuscodi/112925546494438272) 2024-08-08T10:05:33Z ****
Accenture has developed a new Extortion Group Maturity Model (EGMM) that assesses the credibility and stability of ransomware and data extortion groups

[https://www.accenture.com/us-en/blogs/security/new-model-understanding-extortion-groups](https://www.accenture.com/us-en/blogs/security/new-model-understanding-extortion-groups) ⌘ [Read more](https://mastodon.social/@campuscodi/112925837430580087) 2024-08-08T14:09:40Z ****
The SEC has notified Progress Software that it has closed its investigation into the company's handling of the 2023 MOVEit hacks

No fine or further action (for now)

[https://investors.progress.com/news-releases/news-release-details/progress-announces-conclusion-sec-investigation-moveit](https://investors.progress.com/news-releases/news-release-details/progress-announces-conclusion-sec-investigation-moveit) ⌘ [Read more](https://mastodon.social/@campuscodi/112926797350425642) 2024-08-08T13:54:53Z ****
Calling browsers' support for 0.0.0.0 a zero-day is the S tier on the cringe scale. What's next? Localhost relays are Stuxnet? Chill infosec! ⌘ [Read more](https://mastodon.social/@campuscodi/112926739216699104) 2024-08-08T16:06:44Z ****
Security firm runZero has released SSHamble, a tool that can help security teams validate SSH implementations by testing for uncommon but dangerous misconfigurations and software bugs

[https://www.runzero.com/newsroom/runzero-research-uncovers-exposures-in-ssh/](https://www.runzero.com/newsroom/runzero-research-uncovers-exposures-in-ssh/)

[https://www.runzero.com/sshamble/](https://www.runzero.com/sshamble/)

[https://github.com/runZeroInc/sshamble](https://github.com/runZeroInc/sshamble) ⌘ [Read more](https://mastodon.social/@campuscodi/112927257715450458) 2024-08-08T16:21:27Z ****
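Added example, not SSHamble's code: the first thing any SSH validation does is read the server's identification string and its KEXINIT packet, because that is where a server advertises the algorithms it still accepts. The sample KEXINIT below is constructed in the block, the weak-algorithm list is this example's own policy, and `probe()` runs the same parse against a live host.

```python
"""Parse an SSH server's identification string and KEXINIT packet, then flag
legacy algorithms. Added example (not SSHamble's code); the sample KEXINIT
is constructed below and the weak-algorithm policy is this example's own."""
import socket
import struct

SSH_MSG_KEXINIT = 20
NAME_LISTS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

# Assumed policy: algorithms a reviewer would not want a server to advertise.
WEAK = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"},
    "host_key": {"ssh-dss", "ssh-rsa"},          # ssh-rsa = RSA with SHA-1 signatures
    "enc": {"arcfour", "arcfour128", "arcfour256", "3des-cbc", "blowfish-cbc", "none"},
    "mac": {"hmac-md5", "hmac-md5-96", "hmac-sha1-96", "none"},
}

def parse_banner(line):
    """Split 'SSH-protoversion-softwareversion SP comments' (RFC 4253 s4.2)."""
    line = line.rstrip("\r\n")
    if not line.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    ident, _, comment = line.partition(" ")
    _, proto, software = ident.split("-", 2)
    return proto, software, comment

def build_kexinit(lists):
    """Serialise a KEXINIT payload (RFC 4253 s7.1) inside the unencrypted packet
    framing of s6: uint32 packet_length, byte padding_length, payload, padding."""
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16         # zero cookie is fine for a sample
    for name in NAME_LISTS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(s)) + s
    payload += b"\x00" + b"\x00\x00\x00\x00"                   # first_kex_packet_follows, reserved
    pad = 8 - ((5 + len(payload)) % 8)                          # total must be a multiple of 8
    if pad < 4:                                                 # and padding at least 4 bytes
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad

def parse_kexinit(packet):
    """Return the ten name-lists of a KEXINIT packet as {name: [algorithms]}."""
    packet_len, pad_len = struct.unpack(">IB", packet[:5])
    payload = packet[5:5 + packet_len - 1 - pad_len]
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT packet")
    off, out = 1 + 16, {}                                       # skip message id and cookie
    for name in NAME_LISTS:
        (n,) = struct.unpack(">I", payload[off:off + 4])
        off += 4
        out[name] = [a for a in payload[off:off + n].decode("ascii").split(",") if a]
        off += n
    out["first_kex_packet_follows"] = bool(payload[off])
    return out

def weak_algorithms(kex):
    """List (category, algorithm) pairs the server offers that are in WEAK."""
    offered = [("kex", kex["kex"]), ("host_key", kex["host_key"]),
               ("enc", kex["enc_c2s"] + kex["enc_s2c"]),
               ("mac", kex["mac_c2s"] + kex["mac_s2c"])]
    findings = []
    for category, algs in offered:
        for alg in algs:
            if alg in WEAK[category] and (category, alg) not in findings:
                findings.append((category, alg))
    return findings

def probe(host, port=22, timeout=5.0):
    """Live check: exchange identification strings, read the server's KEXINIT
    (sent right after the version exchange), return (banner, weak algorithms)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        line = f.readline().decode("ascii", "replace")
        while line and not line.startswith("SSH-"):            # servers may send pre-banner text
            line = f.readline().decode("ascii", "replace")
        banner = parse_banner(line)
        s.sendall(b"SSH-2.0-kexinit-probe\r\n")
        head = f.read(5)                                        # packet_length + padding_length
        packet_len = struct.unpack(">I", head[:4])[0]
        kex = parse_kexinit(head + f.read(packet_len - 1))
    return banner, weak_algorithms(kex)

# Constructed sample: a server still advertising SHA-1 key exchange, RSA/SHA-1
# host keys, RC4 and HMAC-MD5 next to modern choices.
SAMPLE_SERVER_KEXINIT = build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-ed25519", "ssh-rsa"],
    "enc_c2s": ["aes256-gcm@openssh.com", "arcfour"],
    "enc_s2c": ["aes256-gcm@openssh.com", "arcfour"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5"],
    "mac_s2c": ["hmac-sha2-256", "hmac-md5"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

if __name__ == "__main__":
    print(parse_banner("SSH-2.0-OpenSSH_9.6 Ubuntu-3\r\n"))
    print(weak_algorithms(parse_kexinit(SAMPLE_SERVER_KEXINIT)))
```

The parser only needs the unencrypted framing because KEXINIT is always sent before any keys exist; anything past it would require finishing the key exchange, which is where a tool like SSHamble goes on to exercise the authentication layer.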
The Russian government is now fully blocking access to YouTube. It was previously just throttling its traffic.

A full block was initially expected in September but was accelerated after Ukrainian forces took control of Kursk, and the site began hosting videos of Russian soldiers surrendering en masse and without fighting

[https://meduza.io/en/feature/2024/08/08/youtube-has-suddenly-stopped-working-in-russia-meduza-s-readers-describe-how-they-re-handling-the-loss-of-the-world-s-most-popular-video-streaming-serv ... ⌘ [Read more](https://mastodon.social/@campuscodi/112927315588829040) 2024-08-08T17:17:32Z ****
The Turkish government has blocked access to 27 VPN services across the country.

The ban comes a week after the government also blocked access to Instagram.

[https://ifade.org.tr/engelliweb/turkiyeden-erisime-engelli-vpn-servisleri/](https://ifade.org.tr/engelliweb/turkiyeden-erisime-engelli-vpn-servisleri/) ⌘ [Read more](https://mastodon.social/@campuscodi/112927536107620265) 2024-08-11T10:55:52Z ****
There are no lessons... I only see post bait engagement gold!

[https://mastodon.social/@kevincollier/112940083350768698](https://mastodon.social/@kevincollier/112940083350768698) ⌘ [Read more](https://mastodon.social/@campuscodi/112943022272126272) 2024-08-11T12:19:05Z ****
Google monopoly explained in fine details via one of their internal documents

[https://threadreaderapp.com/thread/1821554841786683554.html](https://threadreaderapp.com/thread/1821554841786683554.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112943349455409583) 2024-08-11T13:52:32Z ****
Bluetooth headphones are utter garbage and whoever disagrees with me on this has a tiny peepee ⌘ [Read more](https://mastodon.social/@campuscodi/112943716917431912) 2024-08-12T07:52:38Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-trump-campaign-points-finger-at-iranian-hackers-for-documents-leak/](https://news.risky.biz/risky-biz-news-trump-campaign-points-finger-at-iranian-hackers-for-documents-leak/)

Podcast: [https://risky.biz/RBNEWS320/](https://risky.biz/RBNEWS320/)

-Trump campaign points finger at Iranian hackers for documents leak

-Another DPRK laptop farmer detained in the US

-Trend Micro explores sale

-Soccer club gets BECed for transfer fee

-Finnish bug hunters extortioni ... ⌘ [Read more](https://mastodon.social/@campuscodi/112947964039860185) 2024-08-12T07:58:18Z ****
Plus:

-New web timing attacks

-K8s git-sync bug

-Bucket Monopoly AWS vulnerabilities

-OpenVPN vulnerabilities

-Vulnerabilities in Ecovacs mowers and vacuums

-Google Quick Share vulnerable to everlasting WiFi attack

-New unpatched Office NTLM relay attack

-MadLicense exploit goes live

-Bunch of new tools released at BH (check bottom newsletter)

-BuyMeACoffee leaves Ukraine because of geo-complications

-Mudge is DARPA's new CIO

-DarkVault ransomware missteps

-Researcher hacks RaaS web panels ⌘ [Read more](https://mastodon.social/@campuscodi/112947986364048072) 2024-08-13T01:33:26Z ****
Rental service Airbnb has added a "no crypto-mining" policy after a spate of incidents where tenants installed mining rigs and ran up electricity bills

[https://protos.com/airbnb-host-adds-no-crypto-mining-rule-after-tenant-installs-10-rigs/](https://protos.com/airbnb-host-adds-no-crypto-mining-rule-after-tenant-installs-10-rigs/) ⌘ [Read more](https://mastodon.social/@campuscodi/112952135295672668) 2024-08-13T13:44:15Z ****
ICYMI: The Feds/NCA/GuardiaCivil detained last year one of the ransomware pioneers: [https://www.nationalcrimeagency.gov.uk/news/suspected-head-of-prolific-cybercrime-groups-arrested-and-extradited](https://www.nationalcrimeagency.gov.uk/news/suspected-head-of-prolific-cybercrime-groups-arrested-and-extradited)

He's been extradited to the US to face charges: [https://www.justice.gov/opa/pr/leader-international-malvertising-and-ransomware-schemes-extradited-poland-face-cybercrime](https://www.justice.gov/opa/pr/ ... ⌘ [Read more](https://mastodon.social/@campuscodi/112955008991644409) 2024-08-13T14:53:09Z ****
NIST PQE standards are out: [https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards](https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards) ⌘ [Read more](https://mastodon.social/@campuscodi/112955279871247254) 2024-08-13T18:37:12Z ****
Microsoft patched 186 vulnerabilities, including six zero-days: [https://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/fea4520372721dc3d6a5b78beab6e43f73779e60/Reports/MSRC\_CVEs2024-Aug.html](https://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/fea4520372721dc3d6a5b78beab6e43f73779e60/Reports/MSRC_CVEs2024-Aug.html)

Adobe also had a massive patch day with 72 fixes: [https://helpx.adobe.com/security/security-bulletin.html](https://helpx.adobe.com/security/secur ... ⌘ [Read more](https://mastodon.social/@campuscodi/112956160888302474) 2024-08-14T08:43:19Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-fbi-seizes-dispossessor-ransomware-servers/](https://news.risky.biz/risky-biz-news-fbi-seizes-dispossessor-ransomware-servers/)

Podcast: [https://risky.biz/RBNEWS321/](https://risky.biz/RBNEWS321/)

-FBI seizes Dispossessor ransomware servers

-US charges Angler exploit kit member

-Hacker leaks upcoming Netflix shows

-UK explores nationwide cyber-deception network

-FBI confirms multiple presidential campaign hack investigations

-Scam group nets $60mil

-Hac ... ⌘ [Read more](https://mastodon.social/@campuscodi/112959487944891835) 2024-08-14T08:47:16Z ****
Plus:

-Musk lies about DDoS during Trump interview fail

-New Vanir RaaS

-Venezuela hacktivism gets underway

-UAC-0198 hacks 100+ Ukrainian govt systems

-Ukraine warns of Russian online disinfo about Kursk campaign

-Dutch team could take over 4mil solar panels

-New Docker registry and GitHub Actions exposures

-Patch Tuesday is out

-6 zero-days patched from Microsoft

-Loads of vulns in Adobe products, Cozy+ gateways, the Azure Health Bot AI Service

-allInfoSecNews shuts down

-Loads of breaches ⌘ [Read more](https://mastodon.social/@campuscodi/112959503470306157) 2024-08-15T00:35:40Z ****
"CyberCX has identified a network of at least 5,000 inauthentic X accounts almost certainly controlled in concert by an AI large language model system."

"The system controlling the network is strongly associated with China, including the likely use of a Chinese-language LLM system and links to an AI researcher affiliated with Tsinghua University and Zhipu AI, a prominent Chinese AI company."

[https://cybercx.com.au/blog/cybercx-unmasks-china-linked-ai-disinformation-capability/](https://cybercx.com.au/blog/cyb ... ⌘ [Read more](https://mastodon.social/@campuscodi/112963232775609440) 2024-08-15T19:28:59Z ****
Meta has published its Adversarial Threat Report for the second quarter of the year. The report covers disinfo operations between April and June.

As always, Russia was "the number one source" for disinfo ops on Meta sites.

Basically, half the report is just Russian ops, many of which are now hired contractors and not just Russian security agencies.

PDF: [https://transparency.fb.com/sr/Q2-2024-Adversarial-threat-report](https://transparency.fb.com/sr/Q2-2024-Adversarial-threat-report) ⌘ [Read more](https://mastodon.social/@campuscodi/112967689158364184) 2024-08-18T11:46:04Z ****
There's more accurate information online on how to contact Cristiano Ronaldo than my own electricity provider ![:hurb:](https://files.mastodon.social/custom_emojis/images/000/345/074/original/a7b8419d23bfa6a2.png)![:hurb:](https://files.mastodon.social/custom_emojis/images/000/345/074/original/a7b8419d23bfa6a2.png)![:hurb:](https://files.mastodon.social/custom_emojis/images/000/345/074/original/a7b8419d23bfa6a2.png)![:hurb:](https://files.mastodon.social/custom_emojis/images/000/345/074/original/a7b8419d23bfa6a2 ... ⌘ [Read more](https://mastodon.social/@campuscodi/112982855815279705) 2024-08-18T12:52:48Z ****
FBI raids US home of Russian-born analyst who advised Trump in 2016

[https://www.theguardian.com/us-news/article/2024/aug/16/fbi-raid-dmitri-simes-trump](https://www.theguardian.com/us-news/article/2024/aug/16/fbi-raid-dmitri-simes-trump) ⌘ [Read more](https://mastodon.social/@campuscodi/112983118199306912) 2024-08-18T14:02:43Z ****
Hmmm... was Egypt there last year? ⌘ [Read more](https://mastodon.social/@campuscodi/112983393158602136) 2024-08-18T14:02:04Z ****
Latest CrowdStrike threat actor naming scheme

Source/PDF: [https://go.crowdstrike.com/rs/281-OBQ-266/images/24-MA-099\_2024-Threat-Hunting-Report\_11.pdf](https://go.crowdstrike.com/rs/281-OBQ-266/images/24-MA-099_2024-Threat-Hunting-Report_11.pdf) ⌘ [Read more](https://mastodon.social/@campuscodi/112983390593432803) 2024-08-18T14:05:32Z ****
Writing for Binding Hook, ECCRI researcher Jakob Bund looks at how Germany's BKA has re-interpreted the search-and-seize local legislation to find a way to go after cybercrime infrastructure

[https://bindinghook.com/articles-hooked-on-trends/bureaucratic-initiative-redefines-german-law-enforcement-cyber-operations/](https://bindinghook.com/articles-hooked-on-trends/bureaucratic-initiative-redefines-german-law-enforcement-cyber-operations/) ⌘ [Read more](https://mastodon.social/@campuscodi/112983404243104906) 2024-08-19T09:17:03Z ****
Plus:

-OpSec mistake reveals identity of Styx Stealer author

-Ransomware hits kids charity

-Trackimo GPS tracker maker hacked

-Token theft attacks at MSFT saw a 111% increase YoY

-US seizes StreamEast domain

-Malware reports on Dolphin Loader, D3F@ck Loader, Ailurophile Stealer, and the Mad Liberator and Brain Cipher ransomware strains

-Vuln reports in MSI's SMM driver and GlobalPlatform TTE API

-New tools—AWS Mine, SCCMSecrets, Ransomware Tool Matrix, OxA11C

-Take Command conference videos ⌘ [Read more](https://mastodon.social/@campuscodi/112987932171933215) 2024-08-19T09:13:43Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-hardware-backdoors-found-in-chinese-key-cards/](https://news.risky.biz/risky-biz-news-hardware-backdoors-found-in-chinese-key-cards/)

Podcast: [https://risky.biz/RBNEWS323/](https://risky.biz/RBNEWS323/)

-Hardware backdoors found in Chinese key cards

-US House wants TP-Link investigated as a national security threat

-Major RCE bug discovered in OpenBMC

-OpenAI takes down Iranian influence op

-Ukraine cyberattack cripples Russian nuclear town

-Unicoin says ... ⌘ [Read more](https://mastodon.social/@campuscodi/112987919079371545) 2024-08-19T19:37:20Z ****
HP... the dumbass laptop vendor who decided to put Thunderbolt ports on a Windows laptop

jfc... what donkey did they hire as an engineer over there! ⌘ [Read more](https://mastodon.social/@campuscodi/112990371225387078) 2024-08-20T09:58:36Z ****
Phrack 71 is out

[http://phrack.org/issues/71/1.html](http://phrack.org/issues/71/1.html) ⌘ [Read more](https://mastodon.social/@campuscodi/112993757860618485) 2024-08-20T15:22:39Z ****
How Russia Hires Spies and Saboteurs Through Telegram

From the OCCRP: [https://www.youtube.com/watch?v=svbjm0FizmE](https://www.youtube.com/watch?v=svbjm0FizmE) ⌘ [Read more](https://mastodon.social/@campuscodi/112995032079148321) 2024-08-21T09:41:04Z ****
Also:

-The Pakistan Great Firewall is crippling its IT industry

-Malware reports on QWERTY Stealer, NUMOZYLOD, UULoader, Msupedge, and Xeon Sender

-UAC-0020 uses PoWs as phishing lures

-Lazarus linked to recent Windows zero-day

-Iranian APT targets Jewish leader with fake podcast invite

-Google winds down Google Play VRP

-PHP-CGI bug used in ransomware attacks

-Jenkins CLI bug used in ransomware attack

-K8s bugs at Azure and GCP

-New Zabbix RCE

-Unfixed bug in OBS

-New Phrack issue out ⌘ [Read more](https://mastodon.social/@campuscodi/112999351212378598) 2024-08-21T09:36:18Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-after-botched-comms-theres-now-a-timeline-for-the-azure-mandatory-mfa-rollout/](https://news.risky.biz/risky-biz-news-after-botched-comms-theres-now-a-timeline-for-the-azure-mandatory-mfa-rollout/)

Podcast: [https://risky.biz/RBNEWS324/](https://risky.biz/RBNEWS324/)

-Mandatory MFA comes to Azure admins in October

-US government confirms Iran hacked Trump campaign

-CISA to get a new fancy HQ

-FAA prepares cyber rules

-British Virgin Islands electric compan ... ⌘ [Read more](https://mastodon.social/@campuscodi/112999332507067745) 2024-08-21T17:05:14Z ****
It's literally easier to delete the game and reinstall it at this point 😂 😂 😂 😂 😂 ⌘ [Read more](https://mastodon.social/@campuscodi/113001097729534418) 2024-08-21T17:04:09Z ****
Holy f\*\*\*ing s\*\*t!

I need 250GB to update Call of Duty!

What tf is wrong with that company's engineers!!!! ⌘ [Read more](https://mastodon.social/@campuscodi/113001093527778680) 2024-08-22T11:11:30Z ****
Incredibly bad vulnerability in LiteSpeed Cache, one of the most widely used WordPress plugins

Lets unauth site visitors spoof user IDs and become admins

[https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites](https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites)

[https://www.wordfence.com/blog/2024/08/over-5000000-site-owners-affected-by-critical-privilege-escalation-vulnerability-patched- ... ⌘ [Read more](https://mastodon.social/@campuscodi/113005369108002090) 2024-08-22T11:10:36Z ****
South Korean security firm S2W looks at the activities of puNK-003, one of three clusters of activity the company believes are related to North Korean hacking operations

[https://medium.com/s2wblog/threat-tracking-analysis-of-punk-003s-lilith-rat-ported-to-autoit-script-30dd59e68213](https://medium.com/s2wblog/threat-tracking-analysis-of-punk-003s-lilith-rat-ported-to-autoit-script-30dd59e68213) ⌘ [Read more](https://mastodon.social/@campuscodi/113005365571541391) 2024-08-22T11:25:32Z ****
There's nothing that gets under my skin more than VC tech bros pushing AI coding tools.

Those things can barely write code that passes half of unit tests and you now want to deploy it in live software, which if I know how software travels, will end up in critical infrastructure in no time?

Seriously? ⌘ [Read more](https://mastodon.social/@campuscodi/113005424330842376) 2024-08-22T11:34:02Z ****
Aon's Stroz Friedberg has found a new Linux malware strain named Sedexp.

The malware has been active since 2022 and has been primarily used to create reverse shells from infected hosts.

[https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp](https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp) ⌘ [Read more](https://mastodon.social/@campuscodi/113005457759995719) 2024-08-22T12:03:34Z ****
Cybersecurity agencies from Five Eyes and friends have published a guide for "Best practices for event logging and threat detection"

[https://www.cyber.gov.au/about-us/view-all-content/news-and-media/best-practices-event-logging-and-threat-detection](https://www.cyber.gov.au/about-us/view-all-content/news-and-media/best-practices-event-logging-and-threat-detection) ⌘ [Read more](https://mastodon.social/@campuscodi/113005573880987215) 2024-08-22T12:37:20Z ****
CISA has updated its KEV database with four vulnerabilities that are currently exploited in the wild:

[https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog](https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog)

These include a Linux kernel bug from 2022, an Exchange bug from 2021, and two Dahua bugs from 2021—notorious for being insanely easy to exploit via silly browser extensions: [https://github.co ... ⌘ [Read more](https://mastodon.social/@campuscodi/113005706670122910) 2024-08-22T13:01:16Z ****
A pretty clever tactic from the Qilin ransomware gang.

Sophos has seen the Qilin group dump Chrome credentials from infected networks.

My two-cents is they're using this to either hack new targets or they're selling the data on underground cred shops.

[https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/](https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/) ⌘ [Read more](https://mastodon.social/@campuscodi/113005800752333649) 2024-08-22T15:12:46Z ****
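Added example for the Qilin post above, not Sophos's detection logic: Chrome keeps saved logins in the SQLite file `Login Data` under each profile, so the check a defender wants is "which non-browser process opened that file, and did it sweep more than one user's profile". The telemetry format and the sample events below are constructed for the example and assume EDR file-open events that expose host, pid, image path and file path.

```python
"""Detect processes other than the browser reading Chrome's saved-credential
store. Added example, not Sophos's detection logic; the event format and the
sample lines are constructed here and assume EDR file-open telemetry."""
import json
import re
from collections import defaultdict

# Chrome keeps saved logins in the SQLite file "Login Data" under each profile
# ("Login Data For Account" holds logins tied to a signed-in Google account).
LOGIN_DATA_RE = re.compile(
    r"(?i)^[a-z]:\\users\\([^\\]+)\\appdata\\local\\google\\chrome\\user data"
    r"\\[^\\]+\\login data( for account)?$"
)
ALLOWED_IMAGES = {"chrome.exe"}   # assumption: only the browser itself should open it

def detect_chrome_cred_access(lines):
    """Return alerts for JSON-line file-open events.

    medium: a non-browser image opened a Login Data file
    high:   one process opened the Login Data files of more than one user,
            which is what a harvesting script on a shared host looks like."""
    alerts = []
    profiles_per_process = defaultdict(set)
    for line in lines:
        ev = json.loads(line)
        m = LOGIN_DATA_RE.match(ev["path"])
        if not m:
            continue
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if image in ALLOWED_IMAGES:
            continue
        user = m.group(1).lower()
        profiles_per_process[(ev["host"], ev["pid"], image)].add(user)
        alerts.append({"severity": "medium", "host": ev["host"], "pid": ev["pid"],
                       "image": image, "user": user, "path": ev["path"], "ts": ev["ts"]})
    for (host, pid, image), users in profiles_per_process.items():
        if len(users) > 1:
            alerts.append({"severity": "high", "host": host, "pid": pid, "image": image,
                           "users": sorted(users),
                           "reason": "one process read the saved logins of multiple users"})
    return alerts

# Constructed sample telemetry (not real logs): the browser reading its own store,
# then a PowerShell process sweeping two users' profiles on the same host.
SAMPLE_EVENTS = [
    {"ts": "2024-08-22T10:01:03Z", "host": "WS-17", "pid": 3320,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2024-08-22T10:05:44Z", "host": "WS-17", "pid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2024-08-22T10:05:45Z", "host": "WS-17", "pid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Profile 1\Login Data For Account"},
    {"ts": "2024-08-22T10:06:10Z", "host": "WS-17", "pid": 5001,
     "image": r"C:\Windows\System32\notepad.exe",
     "path": r"C:\Users\bob\Documents\notes.txt"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for alert in detect_chrome_cred_access(SAMPLE_LINES):
        print(alert)
```

The per-process aggregation is the part worth keeping: a single medium alert on a developer box is noise, but one pid walking several users' `Login Data` files is rarely anything but credential harvesting.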
From [@deviantollam](https://defcon.social/@deviantollam):

"What Happened with the DEF CON Badge This Year?"

[https://www.youtube.com/watch?v=tPrIO0fhikE](https://www.youtube.com/watch?v=tPrIO0fhikE) ⌘ [Read more](https://mastodon.social/@campuscodi/113006317824449172) 2024-08-22T16:46:04Z ****
Cado Security has found a new MaaS advertising a new macOS infostealer named Cthulhu Stealer.

Cado says the service launched in 2023 but appears to have shut down a few months into the new year.

[https://www.cadosecurity.com/blog/from-the-depths-analyzing-the-cthulhu-stealer-malware-for-macos](https://www.cadosecurity.com/blog/from-the-depths-analyzing-the-cthulhu-stealer-malware-for-macos) ⌘ [Read more](https://mastodon.social/@campuscodi/113006684719433139) 2024-08-22T16:45:41Z ****
Synacktiv has open-sourced Octoscan, a static vulnerability scanner for GitHub action workflows

[https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation)

[https://github.com/synacktiv/octoscan](https://github.com/synacktiv/octoscan) ⌘ [Read more](https://mastodon.social/@campuscodi/113006683216814100) 2024-08-22T17:36:27Z ****
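Added example for the Octoscan post above, not Octoscan's code or rule set: a minimal, line-based check of the kind a static workflow scanner performs. It flags two well-documented workflow weaknesses, untrusted event fields interpolated into `run:` scripts and `pull_request_target` workflows that check out the pull request head, which hands a write-capable token and secrets to untrusted code. The untrusted-field list is this example's assumption and the sample workflow is constructed.

```python
"""Minimal static check for GitHub Actions workflow files. Added example, not
Octoscan's code or rules. Line-based (no YAML parser), so it covers the common
layouts and nothing exotic. The sample workflow is constructed."""
import re

# Event payload fields an outside contributor controls (assumed list, based on
# GitHub's own hardening guidance on script injection).
UNTRUSTED_CONTEXT_RE = re.compile(
    r"\$\{\{\s*github\.event\.(?:"
    r"issue\.(?:title|body)|pull_request\.(?:title|body|head\.(?:ref|label))|"
    r"comment\.body|review\.body|review_comment\.body|discussion\.(?:title|body)|"
    r"head_commit\.(?:message|author\.(?:name|email))|"
    r"commits\[\d+\]\.(?:message|author\.(?:name|email))"
    r")\s*\}\}"
)
RUN_BLOCK_RE = re.compile(r"^(\s*)(-\s+)?run:\s*[|>]")          # run: |  or  run: >
RUN_INLINE_RE = re.compile(r"^\s*(?:-\s+)?run:\s*(?![|>])\S")   # run: <command>
PR_TARGET_RE = re.compile(r"^\s*(?:-\s+)?pull_request_target\b|^\s*on:.*\bpull_request_target\b")
PR_HEAD_REF_RE = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}")

def scan_workflow(text):
    """Return (line_no, kind, evidence) tuples sorted by line number."""
    findings = []
    head_checkout_lines = []
    uses_pr_target = False
    run_indent = None                 # indent of the `run` key while inside a block scalar
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip(" ")
        indent = len(line) - len(stripped)
        if run_indent is not None and stripped and indent <= run_indent:
            run_indent = None         # dedented: the block scalar has ended
        m = RUN_BLOCK_RE.match(line)
        if m:
            run_indent = len(m.group(1)) + len(m.group(2) or "")
            continue
        if run_indent is not None or RUN_INLINE_RE.match(line):
            for em in UNTRUSTED_CONTEXT_RE.finditer(line):
                findings.append((n, "expression-injection", em.group(0)))
        if PR_TARGET_RE.search(line):
            uses_pr_target = True
        em = PR_HEAD_REF_RE.search(line)
        if em:
            head_checkout_lines.append((n, em.group(0)))
    if uses_pr_target:                # checking out the PR head is only dangerous under this trigger
        for n, evidence in head_checkout_lines:
            findings.append((n, "pull_request_target-untrusted-checkout", evidence))
    return sorted(findings)

# Constructed sample workflow with both weaknesses and one safe expression.
SAMPLE_WORKFLOW = """name: triage
on:
  issues:
    types: [opened]
  pull_request_target:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Greet
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
          echo "repo: ${{ github.repository }}"
      - name: Build
        run: make build
      - run: echo "${{ github.event.pull_request.title }}"
"""

if __name__ == "__main__":
    for line_no, kind, evidence in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {kind}: {evidence}")
```

The fix for the first class is to pass the value through an environment variable (`env: TITLE: ${{ github.event.issue.title }}` and then `"$TITLE"` in the script) so the shell never sees the raw text; a real scanner resolves YAML properly and also follows expressions into `with:` inputs of actions that execute them.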
Upcoming changes to the browser choice screen, default apps, and app deletion for EU users

[https://developer.apple.com/news/?id=zglax7gc](https://developer.apple.com/news/?id=zglax7gc) ⌘ [Read more](https://mastodon.social/@campuscodi/113006875751894850) 2024-08-22T17:39:40Z ****
Karakurt member arrested, extradited, and charged: [https://www.justice.gov/usao-sdoh/pr/member-russian-cybercrime-group-charged-ohio](https://www.justice.gov/usao-sdoh/pr/member-russian-cybercrime-group-charged-ohio)

I've uploaded the court docs here: [https://www.courtlistener.com/docket/69060175/united-states-v-zolotarjovs/](https://www.courtlistener.com/docket/69060175/united-states-v-zolotarjovs/) ⌘ [Read more](https://mastodon.social/@campuscodi/113006895434806242) 2024-08-22T18:13:44Z ****
"Miggo Research identified a critical configuration-based vulnerability, dubbed ALBeast, affecting applications that utilize AWS Application Load Balancer (ALB) for authentication"

[https://www.miggo.io/resources/albeast-security-advisory-alb-vulnerability](https://www.miggo.io/resources/albeast-security-advisory-alb-vulnerability) ⌘ [Read more](https://mastodon.social/@campuscodi/113007029440511432) 2024-08-22T18:28:38Z ****
"The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data."

[https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987](https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987) ⌘ [Read more](https://mastodon.social/@campuscodi/113007088005766890) 2024-08-23T08:26:26Z ****
Plus:

-Chrome 128 is out with a 0-day fix

-Crypto-ATM raids across Germany

-Skimmer campaign hits hundreds of sites

-Five Eyes agencies put guide on Event Logging to prevent LOLBin attacks

-Reports on new malware: PEAKLIGHT, Cthulhu Stealer, Sedexp, PG\_MEM

-Qilin ransomware starts stealing Chrome creds

-APT reports on Velvet Ant's VelvetShell, UAT-5394's MoonPeak, puNK-003

-CertiK apologizes to Kraken for bounty snafu

-Major bugs in LiteSpeed Cache, GitHub Enterprise, AWS ALB

-USENIX 33 talks ⌘ [Read more](https://mastodon.social/@campuscodi/113010382347166557) 2024-08-23T08:22:10Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-new-android-malware-evolves-fraud-tactics-with-nfc-cloning/](https://news.risky.biz/risky-biz-news-new-android-malware-evolves-fraud-tactics-with-nfc-cloning/)

Podcast: [https://risky.biz/RBNEWS325/](https://risky.biz/RBNEWS325/)

-New Android malware evolves tactics with NFC cloning

-Xiaomi deployed patch before hacking contest, removed it after

-Karakurt member detained

-US semiconductor company disrupted by cyberattack

-Big oil firm Halliburton hit by cy ... ⌘ [Read more](https://mastodon.social/@campuscodi/113010365588368509) 2024-08-25T16:01:58Z ****
Palo Alto Networks has published a profile on Bling Libra, the threat actor behind the hacker identity of ShinyHunters.

Researchers say the group shifted this year from trying to sell hacked data to privately extorting companies and targeting cloud environments.

[https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/](https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/) ⌘ [Read more](https://mastodon.social/@campuscodi/113023498254062726) 2024-08-25T17:01:25Z ****
Anyone knows where I can find videos from KCON?

[https://kcon.knownsec.com/list-kcon2024.html](https://kcon.knownsec.com/list-kcon2024.html) ⌘ [Read more](https://mastodon.social/@campuscodi/113023732008868435) 2024-08-25T18:48:36Z ****
A Chinese gaming studio with ties to the Chinese government acts exactly like you'd expect it to act 🙄

[https://www.engadget.com/gaming/black-myth-wukong-breaks-steams-concurrent-single-player-record-within-hours-of-launch-184559634.html](https://www.engadget.com/gaming/black-myth-wukong-breaks-steams-concurrent-single-player-record-within-hours-of-launch-184559634.html) ⌘ [Read more](https://mastodon.social/@campuscodi/113024153474830909) 2024-08-25T19:51:38Z ****
All the Russian Twitter bots are out in force with the FreeDurov hashtag tonight

A good night to go account mapping if you study these kind of things ⌘ [Read more](https://mastodon.social/@campuscodi/113024401318678759) 2024-08-26T08:25:24Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-digital-wallets-the-new-frontier-for-card-fraud/](https://news.risky.biz/risky-biz-news-digital-wallets-the-new-frontier-for-card-fraud/)

Podcast: [https://risky.biz/RBNEWS326/](https://risky.biz/RBNEWS326/)

-Telegram founder Pavel Durov detained in France

-The identity of a major hacker leaks from a private CrowdStrike report

-Threat actors can use stolen credit cards via digital wallet apps

-Meta takes down APT42 WhatsApp accounts

-Germany has a secret p ... ⌘ [Read more](https://mastodon.social/@campuscodi/113027365225139359) 2024-08-26T08:28:43Z ****
Plus:

-Malicious Pidgin plugin found

-New zero-day broker pops up, linked to Russia

-ShinyHunters is back with data extortion attacks

-Malware reports on Greasy Opal, Perfctl rootkit, Copybara trojan

-Iranian hackers also targeted Utah govt sites

-TTIS 2024 conference videos

-SonicWall and Zoho ManageEngine security update

-Honeywell BEDQ hacked via exposed API

-Traccar RCEs

-US government sues Georgia Tech for lying about cybersecurity to get DOD contracts ⌘ [Read more](https://mastodon.social/@campuscodi/113027378265707239) 2024-08-26T20:55:55Z ****
"My gut says Telegram is an FSB operation."

I'm glad someone else says it and lays down the arguments for it.

[https://blog.thc.org/keep-pavel-durov-locked-up](https://blog.thc.org/keep-pavel-durov-locked-up) ⌘ [Read more](https://mastodon.social/@campuscodi/113030316377189388) 2024-08-27T13:39:49Z ****
Security researcher Tarek Ahmed has released SHELLSILO, a tool that translates C syntax into syscall assembly and its corresponding shellcode

[https://github.com/nixpal/shellsilo](https://github.com/nixpal/shellsilo) ⌘ [Read more](https://mastodon.social/@campuscodi/113034263881636809) 2024-08-27T13:39:34Z ****
A proof-of-concept exploit was published for CVE-2024-38856, a pre-auth RCE in Apache OFBiz patched earlier this month

[https://github.com/0x20c/CVE-2024-38856-EXP](https://github.com/0x20c/CVE-2024-38856-EXP)

[https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/](https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/)

[https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w](https: ... ⌘ [Read more](https://mastodon.social/@campuscodi/113034262905390884) 2024-08-27T13:41:12Z ****
Security researcher Marcus Hutchins has published a write-up that looks at CVE-2024-38063, that nasty Windows 10/11 RCE via IPv6 packets: [https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html](https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html)

tl;dr: No reliable PoC is available (for now), except this one that causes a DoS

[https://github.com/ynwarcs/CVE-2024-38063](https://github.com/ynwarcs/CVE-2024-38063) ⌘ [Read more](https://mastodon.social/@campuscodi/113034269325114202) 2024-08-27T16:12:08Z ****
That Lumen embargo disintegrated like a piece of cake left too close to my desk 😂 ⌘ [Read more](https://mastodon.social/@campuscodi/113034862828875295) 2024-08-27T16:17:50Z ****
The Pentagon used Tinder ads of F-16 and A-10 aircraft “currently in the region” to warn Middle East residents against taking up arms against the US and its partners

[https://www.washingtonpost.com/national-security/2024/08/27/centcom-tinder-advertisment-lebanon/](https://www.washingtonpost.com/national-security/2024/08/27/centcom-tinder-advertisment-lebanon/) ⌘ [Read more](https://mastodon.social/@campuscodi/113034885203320336) 2024-08-27T20:25:46Z ****
"overseas friendly company Blackberry" is a wild term to read in an APT report 😂 ⌘ [Read more](https://mastodon.social/@campuscodi/113035860145161006) 2024-08-28T09:44:08Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-volt-typhoon-returns-with-a-new-zero-day/](https://news.risky.biz/risky-biz-news-volt-typhoon-returns-with-a-new-zero-day/)

Podcast: [https://risky.biz/RBNEWS327/](https://risky.biz/RBNEWS327/)

-Pentagon runs Tinder info-op

-Microsoft to meet with EDR makers

-Volt Typhoon returns with a new zero-day

-EDR killer can now wipe security tools off disk

-Seattle airport still crippled by last week's cyberattack

-Dutch DPA fines Uber €290 million

-Texas poli ... ⌘ [Read more](https://mastodon.social/@campuscodi/113038999429863876) 2024-08-28T09:48:54Z ****
Plus:

-Ukraine hacks Russian TV stations

-Data breaches at TDECU & Exotel

-Another Angler EK member charged

-Malware reports on BlackSuit ransomware, HZ RAT, Angry Stealer, AutoITBot

-Operation DevilTiger APT campaign

-Google patches another Chrome zero-day

-Researchers dump Intel SGX keys from some old CPUs

-Apache OFBiz PoC goes live... and it's exploited

-New tools—VeilTransfer, SHELLSILO, USP, Windows Downdate

-Check Point buys CyberInt

-Cisco buys Robust Intelligence

-SLEUTHCON 2024 videos ⌘ [Read more](https://mastodon.social/@campuscodi/113039018211721865) 2024-08-29T08:54:20Z ****
"In 2017, the year before the meeting with Macron, French spies targeted Durov in a joint operation with the United Arab Emirates that hacked his iPhone, according to people familiar with the matter. The spy operation, which also hasn’t been previously reported, was code-named “Purple Music,” the people said. French security officials were acutely concerned about Islamic State’s use of Telegram to recruit operatives and plan attacks"

[https://archive.ph/FFPt2](https://archive.ph/FFPt2) ⌘ [Read more](https://mastodon.social/@campuscodi/113044465916220514) 2024-08-29T08:55:36Z ****
The Brain Cipher ransomware gang takes credit for the attack that disrupted certain Olympic venues

[https://mastodon.social/@AlvieriD@infosec.exchange/113043584662219976](https://mastodon.social/@AlvieriD@infosec.exchange/113043584662219976) ⌘ [Read more](https://mastodon.social/@campuscodi/113044470929245690) 2024-08-29T12:07:44Z ****
Iran's APT42 cyber-espionage group is behind a long-lasting counter-intelligence campaign designed to identify traitors and collaborators inside Iran and its allies.

Google says the campaign has been active since 2017 and used over 35 fake recruiting websites designed to lure Iranians and others to work for Mossad or other Israeli organizations.

[https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation](https://cloud.google.com/blog/topics/threat-intelligence/un ... ⌘ [Read more](https://mastodon.social/@campuscodi/113045226451770369) 2024-08-29T12:06:46Z ****
Google has increased some of the payouts for its Chrome bug bounty platform.

Payouts for some bug classes have been increased up to five times the old rates as exploitation of memory corruption bugs has now become harder.

Researchers can earn up to $250,000 for a remote code execution exploit in a Chrome non-sandboxed environment.

[https://bughunters.google.com/blog/5302044291629056/chrome-vrp-reward-updates-to-incentivize-deeper-research](https://bughunters.google.com/blog/5302044291629056/chrome-vrp-reward- ... ⌘ [Read more](https://mastodon.social/@campuscodi/113045222591577868) 2024-08-29T16:23:22Z ****
Three reports over the past days where malware didn't have a fancy-pants name.

Dayum! I'm impressed, infosec vendors! ⌘ [Read more](https://mastodon.social/@campuscodi/113046231608709800) 2024-08-29T16:30:09Z ****
Intrinsec has published a report looking at the underground market that sells extended validation (EV) certificates to criminal groups

[https://www.intrinsec.com/the-ev-code-signature-market-for-ecrime/](https://www.intrinsec.com/the-ev-code-signature-market-for-ecrime/) ⌘ [Read more](https://mastodon.social/@campuscodi/113046258276006297) 2024-08-29T16:57:38Z ****
The Steam gaming platform was the target of four waves of DDoS attacks over the past week.

The attacks took place hours before Tencent's Black Myth: Wukong game broke a Steam record of most concurrent users.

Chinese security firm QiAnXin says the attack disrupted Steam servers in 13 regions, but none of the waves lasted more than five hours.

The attacks were most likely designed to prevent the game from breaking Steam's record.

[https://blog.xlab.qianxin.com/more\_ddos\_details\_on\_steam\_en/](https://blog. ... ⌘ [Read more](https://mastodon.social/@campuscodi/113046366336634386) 2024-08-29T17:09:21Z ****
Huntress has published a report on a suspected APT32/OceanLotus campaign that targeted Vietnamese human rights defenders.

Ah, the enemies of all legitimate democratic states! The despicable human rights orgs!

[https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders](https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders) ⌘ [Read more](https://mastodon.social/@campuscodi/113046412452844857) 2024-08-29T17:38:52Z ****
Recorded Future has published a report on the check fraud market.

Probably the first report on this topic I've seen in a while now.

[https://www.recordedfuture.com/research/h1-2024-check-fraud-report](https://www.recordedfuture.com/research/h1-2024-check-fraud-report) ⌘ [Read more](https://mastodon.social/@campuscodi/113046528470653344) 2024-08-30T08:04:06Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-iranian-apt-moonlights-as-access-broker-and-ransomware-helper/](https://news.risky.biz/risky-biz-news-iranian-apt-moonlights-as-access-broker-and-ransomware-helper/)

Podcast: [https://risky.biz/RBNEWS328/](https://risky.biz/RBNEWS328/)

-Iranian APT moonlights as access broker and ransomware helper

-APT42 hunts regime traitors

-France and the UAE hacked Durov's phone in 2017

-APT29 suspected of using same exploits as spyware vendors NSO and Intellexa

-Brain ... ⌘ [Read more](https://mastodon.social/@campuscodi/113049930757452963) 2024-08-30T08:10:31Z ****
And:

-APT-C-60 used a WPS Office zero-day

-DPRK launches new npm campaign (again)

-Suspected APT32/OceanLotus campaign targets human rights defenders

-APT33 uses new Tickler backdoor

-Security updates from Cisco, Fortra, JetBrains

-Vuln reports for PR-Agent, 3CX Phone System

-AVTECH bug from earlier this month was actually a zero-day for months

-Maltese political party calls for end of white hats' investigation

-Google increases Chrome VRP rewards

-New LinkedIn CISO

-KCon 2024 talks ⌘ [Read more](https://mastodon.social/@campuscodi/113049955984351194) 2024-08-30T08:07:55Z ****
Also:

-EU launches investigation into Telegram for lying about user numbers

-Indonesia mulls Telegram ban

-Dutch defense network outage blamed on software error

-KK Park made $100mil this year alone

-EV code signature market is larger than you thought

-GitHub hit by new spam wave

-Malware reports on 7777 Botnet, Snake Keylogger, Latrodectus, BlackByte and RansomHub ransomware, Mekotio

-Malware campaign poses as GlobalProtect setup tool

-Disinfo sites in India are making bank via Google Ads ⌘ [Read more](https://mastodon.social/@campuscodi/113049945741971665) 2024-08-30T11:46:13Z ****
Elon Musk: We're modifying the algorithm to surface tweets from smaller accounts

The accounts: ⌘ [Read more](https://mastodon.social/@campuscodi/113050804130493611) 2024-08-30T15:30:00Z ****
Poland charges a former govt official over spyware abuses

[https://www.gov.pl/web/prokuratura-krajowa/informacja-o-przedstawieniu-zarzutow-bylemu-wiceministrowi-sprawiedliwosci-michalowi-wosiowi](https://www.gov.pl/web/prokuratura-krajowa/informacja-o-przedstawieniu-zarzutow-bylemu-wiceministrowi-sprawiedliwosci-michalowi-wosiowi) ⌘ [Read more](https://mastodon.social/@campuscodi/113051684075761750) 2024-08-30T16:17:24Z ****
Regarding that Google TAG report that APT29 might be using NSO/Intellexa exploits.

Here's a story from last year about Pegasus being used against journalists critical of Putin: [https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/](https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/)

I don't view this as APT29 stealing exploits. I see this as a full-blown customer relationship now. ⌘ [Read more](https://mastodon.social/@campuscodi/113051870481857387) 2024-08-30T16:48:02Z ****
AnandTech is shutting down

[https://www.anandtech.com/show/21542/end-of-the-road-an-anandtech-farewell](https://www.anandtech.com/show/21542/end-of-the-road-an-anandtech-farewell) ⌘ [Read more](https://mastodon.social/@campuscodi/113051990905136498) 2024-08-30T18:54:32Z ****
The city of Columbus sues a security researcher who exposed the administration for lying about a recent ransomware attack

[https://www.10tv.com/article/news/local/city-columbus-sues-cybersecurity-expert/530-fc59233d-39cb-463f-9454-0234f1c8cced](https://www.10tv.com/article/news/local/city-columbus-sues-cybersecurity-expert/530-fc59233d-39cb-463f-9454-0234f1c8cced) ⌘ [Read more](https://mastodon.social/@campuscodi/113052488325963068) 2024-08-30T22:13:47Z ****
NSA will launch a podcast:

[https://pca.st/yx9w8c4v](https://pca.st/yx9w8c4v) ⌘ [Read more](https://mastodon.social/@campuscodi/113053271810320784) 2024-08-31T19:55:39Z ****
Here’s 22 Examples of Google Employees Trying to Avoid Creating Evidence for Court

[https://www.courtwatch.news/p/heres-22-examples-of-google-employees](https://www.courtwatch.news/p/heres-22-examples-of-google-employees) ⌘ [Read more](https://mastodon.social/@campuscodi/113058390975975477) 2024-08-31T19:59:07Z ****
New Anti-Toxicity Features on Bluesky

[https://bsky.social/about/blog/08-28-2024-anti-toxicity-features](https://bsky.social/about/blog/08-28-2024-anti-toxicity-features) ⌘ [Read more](https://mastodon.social/@campuscodi/113058404565033828) 2024-08-31T23:53:31Z ****
Looks like they identified the duo who swatted CISA's Easterly this year:

[https://www.justice.gov/usao-dc/pr/two-foreign-nationals-charged-swatting-conspiracy-targeting-lawmakers-private-victims](https://www.justice.gov/usao-dc/pr/two-foreign-nationals-charged-swatting-conspiracy-targeting-lawmakers-private-victims) ⌘ [Read more](https://mastodon.social/@campuscodi/113059326315149675) 2024-09-01T20:04:59Z ****
OTP Agency admins plead guilty: [https://www.nationalcrimeagency.gov.uk/news/website-operators-promised-fraudsters-profit-within-minutes-if-they-subscribed-to-illegal-service](https://www.nationalcrimeagency.gov.uk/news/website-operators-promised-fraudsters-profit-within-minutes-if-they-subscribed-to-illegal-service)

More on the site in this [@briankrebs](https://infosec.exchange/@briankrebs) 2021 article: [https://krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/](https://krebsonsecu ... ⌘ [Read more](https://mastodon.social/@campuscodi/113064089977889312) 2024-09-02T09:20:45Z ****
Also:

-CISA launches new reporting portal

-US Healthcare Cybersecurity Act

-EU Chat Control comes back from the dead

-Russia tells telcos to stop speeding up YouTube

-BEC scammer extradited to US

-OTP Agency admins plead guilty

-Black Basta goes to SEO poisoning

-Camu network found on BR piracy sites

-Malware reports on Rocinante, Godzilla, AsyncRAT, Cicada3301 and Underground ransomware

-New Voldemort APT malware

-Citrine Sleet behind Chrome and Windows zero-days

-SQLi to bypass TSA checks ⌘ [Read more](https://mastodon.social/@campuscodi/113067219038447039) 2024-09-02T09:17:48Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-us-charges-swatters-who-terrorized-government-officials/](https://news.risky.biz/risky-biz-news-us-charges-swatters-who-terrorized-government-officials/)

Podcast: [https://risky.biz/RBNEWS329/](https://risky.biz/RBNEWS329/)

-US charges swatters who terrorized government officials

-City of Columbus sues security researcher

-APT28 suspected of hack of German air traffic control agency

-Brazil bans Twitter

-Poland charges official in Pegasus spyware

-Maduro ... ⌘ [Read more](https://mastodon.social/@campuscodi/113067207466793133) 2024-09-03T10:36:59Z ****
Stupid headline of the day :toucan: :toucan: :toucan: :toucan: :toucan:

Why it's stup ... ⌘ [Read more](https://mastodon.social/@campuscodi/113073181142734143) 2024-09-03T11:07:49Z ****
Russian security firm BI.ZONE has published a technical analysis of CVE-2024-38063, a zero-click RCE in the Windows TCP/IP stack that can be exploited via IPv6 packets

[https://bi-zone.medium.com/breaking-down-cve-2024-38063-remote-exploitation-of-the-windows-kernel-bdae36f5f61d](https://bi-zone.medium.com/breaking-down-cve-2024-38063-remote-exploitation-of-the-windows-kernel-bdae36f5f61d) ⌘ [Read more](https://mastodon.social/@campuscodi/113073302353425250) 2024-09-03T11:06:13Z ****
Australia's cybersecurity agency has put out a public security advisory about the dangers of infostealer infections and how credentials stolen in these incidents are powering later breaches at private companies and government agencies.

[https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/silent-heist-cybercriminals-use-information-stealer-malware-compromise-corporate-networks](https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/silent-heist-cybercriminals-use-informatio ... ⌘ [Read more](https://mastodon.social/@campuscodi/113073296059142881) 2024-09-03T11:59:52Z ****
GIMP is No Longer a Viable Photoshop Alternative

[https://medium.com/@kevdoy/gimp-is-no-longer-a-viable-photoshop-alternative-16ba9f5e9eb5](https://medium.com/@kevdoy/gimp-is-no-longer-a-viable-photoshop-alternative-16ba9f5e9eb5) ⌘ [Read more](https://mastodon.social/@campuscodi/113073507056296339) 2024-09-03T11:57:49Z ****
Wahahahahahahahahahahahahahahahahahahahaha... breathes in... hahahahahahahahahahahahahahahahahahahaha ⌘ [Read more](https://mastodon.social/@campuscodi/113073498996491493) 2024-09-03T14:34:51Z ****
Elastic has re-open-sourced Elasticsearch and Kibana, this time under AGPL

[https://www.elastic.co/blog/elasticsearch-is-open-source-again](https://www.elastic.co/blog/elasticsearch-is-open-source-again) ⌘ [Read more](https://mastodon.social/@campuscodi/113074116463634376) 2024-09-03T15:10:31Z ****
Finland's police and cybersecurity agency say they've encountered cases where local routers, firewalls, and NAS devices have been used to funnel malicious APT traffic

[https://yle.fi/a/74-20108598](https://yle.fi/a/74-20108598) ⌘ [Read more](https://mastodon.social/@campuscodi/113074256700489412) 2024-09-03T15:09:45Z ****
Videos from the TROOPERS 2024 security conference, which took place at the end of June, are available on YouTube

[https://www.youtube.com/playlist?list=PL1eoQr97VfJlYX4dCDdvHk3QLJCEnKw6c](https://www.youtube.com/playlist?list=PL1eoQr97VfJlYX4dCDdvHk3QLJCEnKw6c) ⌘ [Read more](https://mastodon.social/@campuscodi/113074253711620968) 2024-09-03T15:22:51Z ****
Morphisec has published a report on Cicada3301, a new Ransomware-as-a-Service that launched in June this year. The company found several similarities to the AlphV (BlackCat) ransomware code.

[https://blog.morphisec.com/cicada3301-ransomware-threat-analysis](https://blog.morphisec.com/cicada3301-ransomware-threat-analysis)

The report comes after a similar one from Truesec.

[https://www.truesec.com/hub/blog/dissecting-the-cicada](https://www.truesec.com/hub/blog/dissecting-the-cicada) ⌘ [Read more](https://mastodon.social/@campuscodi/113074305232964693) 2024-09-03T17:03:07Z ****
I got pepper-sprayed twice in my life, and both times happened by accident when I was walking down the street.

Why? Because someone arranged a sale/exchange through sites like OLX and pepper-sprayed the victim to steal their money/product, and accidentally got me too.

So, never ever get into any deals with a Romanian online.

Just buy it from the original vendor! ⌘ [Read more](https://mastodon.social/@campuscodi/113074699482330786) 2024-09-03T17:01:38Z ****
Never buy anything via OLX, especially the Romanian version of OLX

There's a reason Romanians are only allowed to create accounts on PayPal, eBay, and Amazon after extensive KYC checks.

Heck, it's 2024 and I can't gift a sub on Twitch because the prodigious Romanian scam scene of the early 2000s put utter fear of Romanians into online platforms. ⌘ [Read more](https://mastodon.social/@campuscodi/113074693660155245) 2024-09-03T17:07:59Z ****
Videos from the Off-By-One 2024 security conference

Day 1: [https://www.youtube.com/playlist?list=PLiIDIO1Gp6V\_I4mSvz8WDfLVt6xy85RvP](https://www.youtube.com/playlist?list=PLiIDIO1Gp6V_I4mSvz8WDfLVt6xy85RvP)

Day 2: [https://www.youtube.com/playlist?list=PLiIDIO1Gp6V90DvDxshqdD1YgAjZRFDEj](https://www.youtube.com/playlist?list=PLiIDIO1Gp6V90DvDxshqdD1YgAjZRFDEj) ⌘ [Read more](https://mastodon.social/@campuscodi/113074718630933474) 2024-09-03T17:46:36Z ****
The US Army will have new rules in place by next February to require SBOM files for all new software acquisitions.

The new requirement will apply to contractors and subcontractors but not the Army's cloud services.

[https://federalnewsnetwork.com/army/2024/09/army-set-to-require-sboms-for-new-software-by-early-next-year/](https://federalnewsnetwork.com/army/2024/09/army-set-to-require-sboms-for-new-software-by-early-next-year/) ⌘ [Read more](https://mastodon.social/@campuscodi/113074870482164354) 2024-09-03T17:46:03Z ****
Security firm Praetorian has released GoffLoader, a tool to facilitate the easy execution of Cobalt Strike BOFs and unmanaged PE files directly in memory without writing any files to disk

[https://www.praetorian.com/blog/introducing-goffloader-a-pure-go-implementation-of-an-in-memory-coffloader-and-pe-loader/](https://www.praetorian.com/blog/introducing-goffloader-a-pure-go-implementation-of-an-in-memory-coffloader-and-pe-loader/) ⌘ [Read more](https://mastodon.social/@campuscodi/113074868320416927) 2024-09-03T18:38:28Z ****
D-Link says it won't patch four recently discovered vulnerabilities impacting a line of now discontinued SOHO routers (DIR-846)

All four bugs are critical RCEs

[https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411](https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411) ⌘ [Read more](https://mastodon.social/@campuscodi/113075074369824848) 2024-09-04T08:54:19Z ****
Also:

-Firefox 130 is out

-Reports on Head Mare and Stone Wolf groups

-Roblox npm malware campaign goes on for a year

-Bitcoin ATM scam numbers in the US hit $114mil last year

-Malware reports on CyberVolk ransomware, Cicada3301 RaaS, MacroPack, DarkCracks, Zharkbot, WikiLoader, ViperSoftX, and Emansrepo stealer

-APT reports on Operation Oxidový, MuddyWater

-Finland warns of APT router abuse

-D-Link won't patch four RCEs in EoL router

-HITB2024BKK, Off-By-One, and Troopers talks ⌘ [Read more](https://mastodon.social/@campuscodi/113078439744182879) 2024-09-04T08:50:23Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-white-house-recommends-prioritizing-rpki-roas/](https://news.risky.biz/risky-biz-news-white-house-recommends-prioritizing-rpki-roas/)

Podcast: [https://risky.biz/RBNEWS330/](https://risky.biz/RBNEWS330/)

-EUCLEAK attack breaks YubiKeys

-Spamouflage returns for the US elections

-TfL tells staff to work from home after cyberattack

-Russia wants to block foreign web crawlers

-White House recommends prioritizing RPKI ROAs

-Clearview AI gets its biggest fine i ... ⌘ [Read more](https://mastodon.social/@campuscodi/113078424243400505) 2024-09-04T14:56:42Z ****
When I grow up, I wanna create a crypto-platform, hack myself, and let myself keep 10% of the stolen assets as a "bug bounty reward" if I return the rest.

[#JustNormalCryptoThings](https://mastodon.social/tags/JustNormalCryptoThings)

[#DefinitelyNotAnInsiderScam](https://mastodon.social/tags/DefinitelyNotAnInsiderScam) ⌘ [Read more](https://mastodon.social/@campuscodi/113079864679727898) 2024-09-04T15:34:29Z ****
A security researcher going by Mistymntncop has released a PoC exploit for CVE-2024-5274, a Chrome zero-day that Google patched back in May

[https://github.com/mistymntncop/CVE-2024-5274](https://github.com/mistymntncop/CVE-2024-5274) ⌘ [Read more](https://mastodon.social/@campuscodi/113080013257176436) 2024-09-04T15:37:19Z ****
Telegram has removed multiple channels hosting deepfake porn starring local South Korean women.

The company apologized for its late response to the police's request and provided authorities with a dedicated email where they can report future crimes.

It's a surprise how responsive to law enforcement investigations a platform can get after you arrest its CEO. Shocking, right? :nigmathink: :nigmathink: ... ⌘ [Read more](https://mastodon.social/@campuscodi/113080024389116237) 2024-09-04T20:41:30Z ****
Android security updates are out with a zero-day fix (CVE-2024-32896)

[https://source.android.com/docs/security/bulletin/2024-09-01](https://source.android.com/docs/security/bulletin/2024-09-01) ⌘ [Read more](https://mastodon.social/@campuscodi/113081220466101642) 2024-09-04T22:01:34Z ****
Forgot to mention this, but this week's sponsor interview has a link where you can sign up for GreyNoise's Plasma private sensor feature—still in private preview.

[https://risky.biz/RBNEWSSI57/](https://risky.biz/RBNEWSSI57/) ⌘ [Read more](https://mastodon.social/@campuscodi/113081535338374501) 2024-09-05T13:24:47Z ****
The Iranian regime forced a company to pay hackers a $3 million reward to save its financial system and avoid having the card and personal data of millions of Iranians published online

[https://www.politico.eu/article/iran-millions-ransom-massive-cyberattack-banks/](https://www.politico.eu/article/iran-millions-ransom-massive-cyberattack-banks/) ⌘ [Read more](https://mastodon.social/@campuscodi/113085165600219639) 2024-09-05T14:11:47Z ****
The Natto Thoughts team has put together a summary of the open-source and custom reconnaissance tools used by Chinese threat actors in their operations. See fancy table below.

[https://nattothoughts.substack.com/p/reconnaissance-scanning-tools-used](https://nattothoughts.substack.com/p/reconnaissance-scanning-tools-used) ⌘ [Read more](https://mastodon.social/@campuscodi/113085350403668446) 2024-09-05T14:03:34Z ****
Adlumin researchers have published a report on the new Fog ransomware strain, currently targeting financial entities

[https://adlumin.com/post/fog-ransomware-now-targeting-the-financial-sector/](https://adlumin.com/post/fog-ransomware-now-targeting-the-financial-sector/) ⌘ [Read more](https://mastodon.social/@campuscodi/113085318037602961) 2024-09-05T15:10:52Z ****
Russian hackers are targeting Ukrainian soldiers with Signal phishing messages in an attempt to install malware on their phones.

The malware was hidden in malicious versions of Eyes and GRISELDA, two mobile apps used by the Ukrainian Army.

The purpose of the attacks is to steal authentication data to access military systems, as well as to exfiltrate the device's GPS coordinates.

[https://cip.gov.ua/en/news/cert-ua-viyavila-kiberataki-z-vikoristannyam-pidroblenikh-mobilnikh-zastosunkiv-dlya-viiskovikh-sistem]( ... ⌘ [Read more](https://mastodon.social/@campuscodi/113085582716478599) 2024-09-05T17:39:18Z ****
US charges five GRU hackers.

The charged individuals are part of GRU Cyber Operations Unit 29155 and they were involved in the WhisperGate attack

[https://www.justice.gov/opa/pr/five-russian-gru-officers-and-one-civilian-charged-conspiring-hack-ukrainian-government](https://www.justice.gov/opa/pr/five-russian-gru-officers-and-one-civilian-charged-conspiring-hack-ukrainian-government)

US previously charged a civilian for this back in June: [https://www.justice.gov/opa/pr/russian-national-charged-conspiring-rus ... ⌘ [Read more](https://mastodon.social/@campuscodi/113086166389538361) 2024-09-05T17:48:37Z ****
German police have charged and raided the homes of ten individuals who are part of an online harassment group known as New World Order (NWO)

[https://www.bka.de/DE/Presse/Listenseite\_Pressemitteilungen/2024/Presse2024/240903\_PM\_Ma%C3%9Fnahmen\_NWO.html](https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2024/Presse2024/240903_PM_Ma%C3%9Fnahmen_NWO.html) ⌘ [Read more](https://mastodon.social/@campuscodi/113086203017410867) 2024-09-05T19:19:10Z ****
Several countries have published security advisories on this unit now.

This seems to be one of the GRU's best, and was also involved in attempted coups, assassinations, and sabotage missions

[https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a)

[https://www.ncsc.gov.uk/news/uk-allies-uncover-russian-military-carrying-out-cyber-attacks-digital-sabotage](https://www.ncsc.gov.uk/news/uk-allies-uncover-russian-military-carrying-o ... ⌘ [Read more](https://mastodon.social/@campuscodi/113086559028924550) 2024-09-06T09:15:01Z ****
Plus:

-Russia threatens ISPs to start blocking YouTube

-Russia looking to criminalize "droppers"

-Man charged for AI music and bot fraud scheme

-Germany dismantles NWO harassment group

-Two BEC scammers sentenced

-New Predator spyware servers spotted

-New PyPI Revival Hijacking technique

-Two LATAM trojans return

-Malware reports on AZORult, SpyAgent, Akira, Fog, Mallox

-APT reports on Confucius, Lazarus, Konni, Earth Lusca, Tropic Trooper

-Chrome zero-day PoC out

-Another LiteSpeed critical bug ⌘ [Read more](https://mastodon.social/@campuscodi/113089845756376123) 2024-09-06T09:11:49Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-doppelganger-gets-a-kick-in-the-butt-from-uncle-sam/](https://news.risky.biz/risky-biz-news-doppelganger-gets-a-kick-in-the-butt-from-uncle-sam/)

Podcast: [https://risky.biz/RBNEWS331/](https://risky.biz/RBNEWS331/)

-US cracks down on a bunch of Russian disinfo ops

-CISA drops online content moderation

-Iran paid hackers a $3 million ransom

-Russia tries to infiltrate Ukraine's military mobile apps

-US charges GRU cyber unit officers

-WazirX can't recover ... ⌘ [Read more](https://mastodon.social/@campuscodi/113089833202875366) 2024-09-06T14:21:46Z ****
Piracy it is then...

"Streaming every NFL game this season requires 7 different services, costs $2,500"

[https://www.marketwatch.com/story/want-to-watch-every-nfl-game-this-season-its-going-to-cost-you-nearly-2-500-31c4d300](https://www.marketwatch.com/story/want-to-watch-every-nfl-game-this-season-its-going-to-cost-you-nearly-2-500-31c4d300) ⌘ [Read more](https://mastodon.social/@campuscodi/113091051932973941) 2024-09-06T18:01:26Z ****
SonicWall says CVE-2024-40766 is now exploited in the wild

[https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015) ⌘ [Read more](https://mastodon.social/@campuscodi/113091915732316657) 2024-09-06T23:50:18Z ****
712 malicious npm packages were discovered last week

Someone had a fun time 🤣

[https://github.com/advisories?query=type%3Amalware](https://github.com/advisories?query=type%3Amalware) ⌘ [Read more](https://mastodon.social/@campuscodi/113093287512368641) 2024-09-07T07:44:38Z ****
I like it that I can't even check the scores of NFL games on their website now

Even those are locked behind a paywall

You're on notice F1 fans... the US media enshittification is coming for that sport soon ⌘ [Read more](https://mastodon.social/@campuscodi/113095152668954115) 2024-09-07T17:03:57Z ****
3.7 Million Fake GitHub Stars: A Growing Threat Linked to Scams and Malware

[https://socket.dev/blog/3-7-million-fake-github-stars-a-growing-threat-linked-to-scams-and-malware](https://socket.dev/blog/3-7-million-fake-github-stars-a-growing-threat-linked-to-scams-and-malware) ⌘ [Read more](https://mastodon.social/@campuscodi/113097351995578711) 2024-09-07T22:16:33Z ****
Two Nigerian brothers were each sentenced to 210 months in prison for a sextortion scheme that led to the suicide of a 17yo Michigan boy

[https://www.justice.gov/opa/pr/nigerian-brothers-sentenced-sextortion-scheme-resulted-death-teen](https://www.justice.gov/opa/pr/nigerian-brothers-sentenced-sextortion-scheme-resulted-death-teen) ⌘ [Read more](https://mastodon.social/@campuscodi/113098581172052809) 2024-09-07T22:55:02Z ****
Malwarebytes has detected a malvertising campaign targeting Lowes employees via Google ads.

The campaign showed malicious ads for a search term employees use to find the company's backend portal.

The ads were shown at the top of search results and took users to phishing portals. ⌘ [Read more](https://mastodon.social/@campuscodi/113098732515732938) 2024-09-08T01:21:33Z ****
I just removed a bookmark from my browser toolbar after two decades

Yes, I said two decades 😭 😭 😭 😭 😭

Damn, I'm actually old now ⌘ [Read more](https://mastodon.social/@campuscodi/113099308634646348) 2024-09-08T10:17:38Z ****
Back in May, the White House announced a plan to drop degree requirements for cybersecurity jobs.

This program has been live since last week as the Service for America platform.

[https://www.whitehouse.gov/oncd/briefing-room/2024/09/04/service-for-america-cyber-is-serving-your-country/](https://www.whitehouse.gov/oncd/briefing-room/2024/09/04/service-for-america-cyber-is-serving-your-country/) ⌘ [Read more](https://mastodon.social/@campuscodi/113101416592224990) 2024-09-08T11:22:04Z ****
Russia's largest pro-democracy NGO was hacked and had its inbox dumped

It linked the attack to ColdRiver, an FSB-run APT group

[https://novayagazeta.eu/articles/2024/09/07/free-russia-foundation-to-investigate-data-breach-after-internal-documents-published-online-en-news](https://novayagazeta.eu/articles/2024/09/07/free-russia-foundation-to-investigate-data-breach-after-internal-documents-published-online-en-news) ⌘ [Read more](https://mastodon.social/@campuscodi/113101669959951230) 2024-09-08T12:33:25Z ****
Meta says it's building new tools to let the users of third-party apps join groups or place calls to WhatsApp and Messenger users

The inter-app calling feature is expected in 2027, while support for mixed groups will arrive next year

[https://about.fb.com/news/2024/09/an-update-on-how-were-building-safe-and-secure-third-party-chats-for-users-in-europe/](https://about.fb.com/news/2024/09/an-update-on-how-were-building-safe-and-secure-third-party-chats-for-users-in-europe/) ⌘ [Read more](https://mastodon.social/@campuscodi/113101950489313116) 2024-09-08T12:32:58Z ****
Google has removed the TENET Media YouTube channel after the DOJ indictment revealed the organization took money from Russia to publish Kremlin propaganda

[https://therecord.media/youtube-removes-tenet-media-russian-ties](https://therecord.media/youtube-removes-tenet-media-russian-ties) ⌘ [Read more](https://mastodon.social/@campuscodi/113101948763807777) 2024-09-08T15:05:41Z ****
German security firm SySS has discovered 11 vulnerabilities affecting the C-MOR video surveillance software platform.

The security flaws include SQL injection, cross-site scripting, and OS command injection bugs that can be exploited to gain admin access over the platform and disable IP camera video feeds.

C-MOR released a patch at the end of July that only fixes six of the reported bugs.

[https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis- ... ⌘ [Read more](https://mastodon.social/@campuscodi/113102549265011435) 2024-09-08T17:14:40Z ****
Security firm Sector7 says it discovered a backdoor feature in Autel MaxiCharger EV chargers that can grant attackers control over the device.

The backdoor is a hard-coded authentication token in the Bluetooth pairing process.

Sector7 researchers believe the backdoor token was intentional.

[https://sector7.computest.nl/post/2024-08-pwn2own-automotive-autel-maxicharger/](https://sector7.computest.nl/post/2024-08-pwn2own-automotive-autel-maxicharger/) ⌘ [Read more](https://mastodon.social/@campuscodi/113103056436596192) 2024-09-08T17:13:59Z ****
Chinese cyber-spies are abusing a Visual Studio Code feature as an undetectable backdoor on compromised systems.

The attackers are abusing a reverse shell feature found in the binary of the official VS Code app. The technique was first discovered and documented by security researcher Truvis Thornton in September of last year: [https://medium.com/@truvis.thornton/visual-studio-code-embedded-reverse-shell-and-how-to-block-create-sentinel-detection-and-add-e864ebafaf6d](https://medium.com/@truvis.thornton/visual-s ... ⌘ [Read more](https://mastodon.social/@campuscodi/113103053748404111) 2024-09-08T18:35:19Z ****
A German security reporter has released PassPort, a tool to tunnel TCP traffic through passkey servers as a way to bypass internet censorship

[https://github.com/c-skills/passport](https://github.com/c-skills/passport) ⌘ [Read more](https://mastodon.social/@campuscodi/113103373541844573) 2024-09-08T19:11:43Z ****
Kaspersky says that a new APT group named Librarian Ghouls has been targeting Russia's industrial sector in campaigns this year

[https://www.kaspersky.ru/blog/librarian-ghouls-cad-formats/38199/](https://www.kaspersky.ru/blog/librarian-ghouls-cad-formats/38199/) ⌘ [Read more](https://mastodon.social/@campuscodi/113103516724208776) 2024-09-08T19:11:27Z ****
A Chinese cyber-espionage group named TIDRONE is targeting Taiwanese military-related industry chains, and specifically local drone manufacturers

[https://www.trendmicro.com/en\_us/research/24/i/tidrone-targets-military-and-satellite-industries-in-taiwan.html](https://www.trendmicro.com/en_us/research/24/i/tidrone-targets-military-and-satellite-industries-in-taiwan.html) ⌘ [Read more](https://mastodon.social/@campuscodi/113103515616070317) 2024-09-09T09:37:29Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-two-security-enhancements-coming-to-windows-activex-clfs/](https://news.risky.biz/risky-biz-news-two-security-enhancements-coming-to-windows-activex-clfs/)

Podcast: [https://risky.biz/RBNEWS332/](https://risky.biz/RBNEWS332/)

-Microsoft disables ActiveX for good

-Microsoft secures CLFS logs

-ColdRiver hacks Russian pro-democracy foundation

-Sextortionist brothers get long prison time after victim's suicide

-Malaysia backtracks on national DNS plan

-Backd ... ⌘ [Read more](https://mastodon.social/@campuscodi/113106921033579070) 2024-09-09T09:41:23Z ****
Plus:

-White House asks tech companies for help in supporting anti-censorship tools

-US drops degree requirements for cyber jobs

-Kaspersky sells US business to Pango

-New RAMBO covert exfil attack

-Kemp gets a perfect 10 (CVSS score)

-SonicWall firewall bug exploited in the wild

-Chinese APT goes after Taiwan's drone industry

-Chinese APT abuses VS Code

-APT goes after Russia's industrial sector

-Funeral stream scams

-Carder pleads guilty after 5 years

-3.7 mil fake stars found on GitHub ⌘ [Read more](https://mastodon.social/@campuscodi/113106936356855536) 2024-09-09T20:41:48Z ****
Telegram’s Security Sham

[https://www.justsecurity.org/99869/telegrams-security-sham/](https://www.justsecurity.org/99869/telegrams-security-sham/) ⌘ [Read more](https://mastodon.social/@campuscodi/113109533201564465) 2024-09-09T22:59:41Z ****
FTC Pushed To Crack Down On Companies That Ruin Hardware Via Software Updates Or Annoying Paywalls

[https://www.techdirt.com/2024/09/09/ftc-pushed-to-crack-down-on-companies-that-ruin-hardware-via-software-updates-or-annoying-paywalls/](https://www.techdirt.com/2024/09/09/ftc-pushed-to-crack-down-on-companies-that-ruin-hardware-via-software-updates-or-annoying-paywalls/) ⌘ [Read more](https://mastodon.social/@campuscodi/113110075430946698) 2024-09-10T18:16:57Z ****
This account is now set to delete posts older than a week. ⌘ [Read more](https://mastodon.social/@campuscodi/113114625992462615) 2024-09-11T09:29:35Z ****
Newsletter: [https://news.risky.biz/risky-biz-news-uk-nca-on-its-knees-bleeding-staff-seriously-underpaid/](https://news.risky.biz/risky-biz-news-uk-nca-on-its-knees-bleeding-staff-seriously-underpaid/)

Podcast: [https://risky.biz/RBNEWS333/](https://risky.biz/RBNEWS333/)

-UK NCA "on its knees," bleeding staff, seriously underpaid

-Poland's Pegasus inquiry reaches a roadblock

-Poland disrupts Russian cyber-saboteurs

-Americans lost $5.6 billion to crypto-fraud last year

-US arrests Terrorgram admins

-Sext ... ⌘ [Read more](https://mastodon.social/@campuscodi/113118214597292749) 2024-09-11T09:33:05Z ****
Plus:

-Firefox extends Windows 7 support

-APT reports on Earth Preta, Crimson Palace, and DPRK APTs

-Malware reports on Loki, Quad7, CryptBot, Ailurophile Stealer, BLX Stealer, Cicada3301 RaaS

-RansomHub abuses Kaspersky anti-rootkit tool to disable EDRs

-Bug in Hazard ransomware trashes files

-Akira ransomware behind SonicWall attacks

-New Iranian info-op discovered

-Patch Tuesday is out

-MSFT fixes 4 zero-days

-WhatsApp view-once bypass bug discovered

-OrangeCon videos ⌘ [Read more](https://mastodon.social/@campuscodi/113118228377306501) 2024-09-11T16:16:18Z ****
watchTowr are on top of their meme game this week ⌘ [Read more](https://mastodon.social/@campuscodi/113119813838877610) 2024-09-12T11:03:16Z ****
Honestly, I don't think they got hacked. I smell a rat. ⌘ [Read more](https://mastodon.social/@campuscodi/113124245286500327) 2024-09-12T11:02:43Z ****
Wacky cyber story of the day:

[https://www.boston.com/news/local-news/2024/09/10/attleboro-crisis-pregnancy-center-stole-data-tricked-patients-lawsuit-alleges/](https://www.boston.com/news/local-news/2024/09/10/attleboro-crisis-pregnancy-center-stole-data-tricked-patients-lawsuit-alleges/) ⌘ [Read more](https://mastodon.social/@campuscodi/113124243136212868)