Weather Effect – Christmas Santa Snow Falling Security Vulnerabilities

github

Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation

Summary When someone creates an access key, it inherits the permissions of the parent key. Not only for s3:* actions, but also admin:* actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able to simply override their own s3...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2024-02-01 07:21 PM
8
trellix

The Psychology of Phishing: Unraveling the Success Behind Phishing Attacks and Effective Countermeasures

The Psychology of Phishing: Unraveling the Success Behind Phishing Attacks and Effective Countermeasures By Tomer Shloman · February 1, 2024 Phishing is one of the most sneaky and widespread attacks in the constantly changing world of cybersecurity threats. This form of cyber attack, deceiving...

7.1 AI Score

2024-02-01 12:00 AM
12
malwarebytes

Decline in robocalls is encouraging, efforts seem to be working

The Federal Communications Commission (FCC) has announced that its recent actions with the Federal Trade Commission (FTC) against international robocalls appear to have had an effect. Robocalls are automated phone calls, often associated with scams and unwanted solicitations, which can be a...

6.7 AI Score

2024-01-31 08:56 PM
15
securelist

ICS and OT threat predictions for 2024

We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscape...

7.2 AI Score

2024-01-31 10:00 AM
8
filippoio

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

6.8 AI Score

2024-01-30 05:48 PM
7
thn

Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives

A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of São Paulo, Santa Catarina, Pará, Goiás,...

6.7 AI Score

2024-01-30 04:43 PM
28
thn

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November...

7.2 AI Score

2024-01-30 01:45 PM
25
malwarebytes

Apple warns of “privacy and security threats” after EU requires it to allow sideloading

Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store (sideloading). These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). The Digital Markets Act (DMA)...

6.6 AI Score

2024-01-30 01:06 PM
11
malwarebytes

Deepfake Taylor Swift images circulate online, politicians call for laws to ban deepfake creation

Deepfake images of Taylor Swift have really made some serious waves. Explicit images of the popstar, generated by Artificial Intelligence (AI) were posted on social media and Telegram. The images were viewed millions of times. The impact of the deepfake was enormous. Social media platform X...

7.3 AI Score

2024-01-30 12:53 PM
4
thn

Top Security Posture Vulnerabilities Revealed

Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The excitement in...

7.4 AI Score

2024-01-30 10:49 AM
34
malwarebytes

In conversation: Bruce Schneier on AI-powered mass spying

For decades, governments and companies have surveilled the conversations, movements, and behavior of the public. And then the internet came along and made that a whole lot easier. Today, search engines collect our queries, browsers collect our device information, smartphones collect our...

6.8 AI Score

2024-01-29 04:25 PM
15
wallarmlab

OWASP Mobile Top 10

Unraveling the Key Components of the Renowned OWASP Mobile Top 10 Index The altruistic initiative, Open Network Application Defense Plan (ONADP), spearheads a cluster of operations in its mission to enhance the level of software protection. A cardinal tool emerging from their efforts, The OWASP...

7.7 AI Score

2024-01-29 12:32 PM
18
schneier

Chatbots and Human Conversation

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you...

6.9 AI Score

2024-01-26 12:09 PM
8
githubexploit

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 ...

8.9 AI Score

2024-01-26 09:35 AM
116
osv

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating. ...

7.5 CVSS

7 AI Score

0.001 EPSS

2024-01-26 01:57 AM
8
github

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating. ...

7.5 CVSS

6.8 AI Score

0.001 EPSS

2024-01-26 01:57 AM
12
malwarebytes

AI likely to boost ransomware, warns government body

The British National Cyber Security Centre (NCSC) says it expects Artificial Intelligence (AI) to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years....

7.6 AI Score

2024-01-25 01:54 PM
8
wallarmlab

Security Operations (SecOps)

Understanding the Basics of Security Operations (SecOps) SecOps represents the blending of cybersecurity proficiency with operational domains, forming a powerful bulwark. Its primary mission lies in safeguarding the fundamental data assets and technological infrastructures of an organization. More...

7 AI Score

2024-01-25 12:55 PM
9
hackread

QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering Scams

By Deeba Ahmed QR Code Phishing has surged by a staggering 587%, with scammers exploiting it to steal login credentials and deploy malware. This is a post from HackRead.com Read the original post: QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering...

7.5 AI Score

2024-01-25 12:02 PM
9
nessus

Oracle Linux 9 : openssl (ELSA-2024-12093)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12093 advisory. Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-01-25 12:00 AM
7
github

Unauthenticated Nonce Increment in snow

Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...

6.9 AI Score

2024-01-24 08:53 PM
6
osv

Unauthenticated Nonce Increment in snow

Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...

6.9 AI Score

2024-01-24 08:53 PM
9
hackread

Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

By Waqas The data breach occurred a few days before Christmas on December 21, 2023, but the details have only been revealed now. This is a post from HackRead.com Read the original post: Jason's Deli Data Breach Exposes 344,000 Users in Credential Stuffing...

7.3 AI Score

2024-01-24 07:01 PM
4
pentestpartners

10 years on from the Target breach. Has building cyber security improved?

It’s over a decade since the Target data breach. It was an event that reinforced the need for supply chain security reviews. It seems that much has changed since then, or has it? Has the security profile of the average connected building in the USA improved in that time period, be it retail,...

7.2 AI Score

2024-01-24 06:47 AM
5
wallarmlab

TCP Resets from Client and Server aka TCP-RST-FROM-Client

Diving into the Enigma of TCP Resets Executed by Client and Server The Base Communication Protocol (BCP), understood as the Transmission Control Protocol (TCP) equivalent, plays a key role in the protocol unit of the internet. Its primary task entails laying a groundwork for communication between...

7.7 AI Score

2024-01-23 12:21 PM
8
osv

Unauthenticated Nonce Increment in snow

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...

7 AI Score

2024-01-23 12:00 PM
4
nessus

Oracle Linux 9 : openssl (ELSA-2024-0310)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0310 advisory. Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-01-23 12:00 AM
15
osv

Multiple issues involving quote API in shlex

Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes { and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments....

7.3 AI Score

2024-01-22 09:21 PM
10
github

Multiple issues involving quote API in shlex

Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes { and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments....

7.3 AI Score

2024-01-22 09:21 PM
9
nessus

AlmaLinux 9 : openssl (ALSA-2024:0310)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0310 advisory. Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2024-01-22 12:00 AM
7
osv

Multiple issues involving quote API

Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes { and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments....

7.3 AI Score

2024-01-21 12:00 PM
11
malwarebytes

Google changes wording for Incognito browsing in Chrome

Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser (known...

6.8 AI Score

2024-01-19 02:09 PM
9
impervablog

Are You Ready for PCI DSS 4.0?

The Payment Card Industry Data Security Standard (PCI DSS) is the global benchmark for ensuring companies that handle credit card information maintain a secure environment. It provides a framework to help organizations protect sensitive cardholder data from theft and secure payment card systems...

6.8 AI Score

2024-01-18 01:47 PM
9
trellix

JAVA-based Sophisticated Stealer Using Discord Bot as EventListener

JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener By Gurumoorthi Ramanathan · January 18, 2024 Executive Summary: In mid-November 2023, Trellix Advanced Research Center team members observed a Java-based stealer being spread through cracked software zip files using JDABuilder...

7 AI Score

2024-01-18 12:00 AM
14
malwarebytes

AI used to fake voices of loved ones in “I’ve been in an accident” scam

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son's voice telling them he'd been in a car accident and hurt a pregnant woman. Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign...

6.8 AI Score

2024-01-17 11:03 AM
11
securelist

Dark web threats and dark market predictions for 2024

An overview of last year's predictions Increase in personal data leaks; corporate email at risk A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may...

7.2 AI Score

2024-01-17 10:00 AM
11
trellix

The evolution of the Kuiper ransomware

Kuiper Ransomware’s Evolution By Max Kersten · January 17, 2024 The Golang-based Kuiper ransomware is presented as an opportunity for other criminals to make money by ransoming one or more targets. Additionally, RobinHood, the actor behind Kuiper, states that help with operations can be provided...

6.5 AI Score

2024-01-17 12:00 AM
11
atlassian

Woodstox Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.1 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...

7.5 CVSS

7.2 AI Score

0.008 EPSS

2024-01-15 01:02 PM
15
wallarmlab

What is Mallox Ransomware

Deciphering the Danger: Decoding Mallox Ransomware. Mallox Ransomware embodies a harmful software element, contributing to an ever-expanding repertoire of digital extortion threats. This cyber menace executes its mission by snaking its way into your computer system, applying a cipher to your data...

7.2 AI Score

2024-01-12 03:57 PM
6
debian

[SECURITY] [DSA 5601-1] php-phpseclib3 security update

Debian Security Advisory DSA-5601-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2024 https://www.debian.org/security/faq Package : php-phpseclib3 CVE ID : CVE-2023-48795 Fabian...

5.9 CVSS

6.1 AI Score

0.963 EPSS

2024-01-12 07:13 AM
13
debian

[SECURITY] [DSA 5600-1] php-phpseclib security update

Debian Security Advisory DSA-5600-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2024 https://www.debian.org/security/faq Package : php-phpseclib CVE ID : CVE-2023-48795 Fabian...

5.9 CVSS

6.1 AI Score

0.963 EPSS

2024-01-12 07:13 AM
15
debian

[SECURITY] [DSA 5599-1] phpseclib security update

Debian Security Advisory DSA-5599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2024 https://www.debian.org/security/faq Package : phpseclib CVE ID : CVE-2023-48795 Fabian Baeumer,...

5.9 CVSS

6.1 AI Score

0.963 EPSS

2024-01-12 07:13 AM
12
malwarebytes

Ransomware review: January 2024

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.1 AI Score

2024-01-11 04:39 PM
13
wallarmlab

What Is Network Segmentation

Unearthing the Basics: Your Guide to Understanding Network Partitioning A fundamental tenet of network partitioning is its critical role in digital defense. But, what does this truly embody? If you were to break it down, network partitioning refers to an approach that segregates a digital system...

7.2 AI Score

2024-01-11 03:26 PM
6
thn

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its...

6.8 AI Score

2024-01-11 11:40 AM
17
openvas

SUSE: Security Advisory (SUSE-SU-2024:0075-1)

The remote host is missing an update for...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2024-01-11 12:00 AM
1
malwarebytes

Atomic Stealer rings in the new year with updated version

Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty...

7.6 AI Score

2024-01-10 06:30 PM
25
osv

Untrusted search path under some conditions on Windows allows arbitrary code execution

Summary This issue exists because of an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on Windows, a malicious git.exe or bash.exe may be...

7.8 CVSS

8 AI Score

0.001 EPSS

2024-01-10 03:46 PM
7
Total number of security vulnerabilities: 21742