PayTR Ödeme Ve Elektronik Para Kuruluşu A.Ş. Security Vulnerabilities

talosblog

Threat Roundup for May 26 to June 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 26 and June 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.6AI Score

2023-06-02 09:56 PM
14
talosblog

What is a web shell?

Editor's note: The Need to Know is a new series from Talos, which focuses on cybersecurity terms, threats, tools and tactics that are discussed in our broader threat research. Think of this as a living encyclopedia of security terms and trends. Cisco Talos Incident Response recently released our...

7.9AI Score

2023-05-26 12:00 PM
5
schneier

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs--ChatGPT in particular: Given that we've known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it's entirely possible that bad actors have been poisoning ChatGPT for months. We don't...

7AI Score

2023-05-25 11:05 AM
9
githubexploit

Exploit for Path Traversal in Grafana

PoC for CVE-2021-43798 Grafana is a platform of code...

7.8AI Score

2023-05-12 04:10 AM
185
avleonov

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239126 As usual, I use my open source Vulristics project to...

9.8CVSS

9.5AI Score

0.707EPSS

2023-05-27 10:39 PM
20
krebs

Phishing Domains Tanked After Meta Sued Freenom

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while...

7.1AI Score

2023-05-26 04:37 PM
8
rapid7blog

Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec

In modern cloud environments, roles and permissions are assigned not just to human users, but to machines, resources and services, as well. The massive scale of cloud environments leads to teams potentially managing millions of distinct identities. As a result, security teams often struggle to...

6.6AI Score

2023-06-08 07:42 PM
14
malwarebytes

Tracking down a trojan: An inside look at threat hunting in a corporate network

At Malwarebytes, we talk a lot about the importance of threat hunting for SMBs--and not for no good reason, either. Just consider the fact that, when a threat actor breaches a network, they don't attack right away. The median amount of time between system compromise and detection is 21 days. By...

7.7AI Score

2023-05-24 10:00 AM
7
talosblog

It’s apparently hip to still be using Windows 7

Welcome to this week's edition of the Threat Source newsletter. As a longtime macOS user, I must admit I'm behind the times when it comes to Microsoft Windows. Since buying a Steam Deck, I've actually come to learn more about Linux and the Proton compatibility layer than I ever did about Windows......

7AI Score

0.021EPSS

2023-05-25 06:00 PM
19
talosblog

Threat Roundup for May 19 to May 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

6.9AI Score

2023-05-26 09:57 PM
12
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)

Last week, there were 90 vulnerabilities disclosed in 77 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 29 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8CVSS

8.3AI Score

EPSS

2023-06-01 12:43 PM
88
malwarebytes

Leaked Babuk ransomware builder code lives on as RA Group

The bones of long gone ransomware group Babuk continue to rattle in the breeze, in the form of reused code. Researchers from Cisco Talos have named this new team the "RA Group", a ransomware collective which may have only been up and running since last month. Babuk famously threatened to leak law.....

6.9AI Score

2023-05-17 02:00 AM
7
malwarebytes

ChatGPT: Cybersecurity friend or foe?

If you haven't heard about ChatGPT yet, perhaps you've just been thawed from cryogenic slumber or returned from six months off the grid. ChatGPT--the much-hyped, artificial intelligence (AI) chatbot that provides human-like responses from an enormous knowledge base--has been embraced practically...

7.1AI Score

2023-05-22 03:00 AM
8
malwarebytes

APT attacks: Exploring Advanced Persistent Threats and their evasive techniques

Cyber criminals come in all shapes and sizes. On one end of the spectrum, there's the script kiddie or inexperienced ransomware gang looking to make a quick buck. On the other end are state-sponsored groups using far more sophisticated tactics--often with long-term, strategic goals in mind....

7.6AI Score

2023-05-18 02:00 PM
9
schneier

Ted Chiang on the Risks of AI

Ted Chiang has an excellent essay in the New Yorker: "Will A.I. Become the New McKinsey?" The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different...

6.7AI Score

2023-05-12 02:00 PM
8
talosblog

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has compromised three organizations in the U.S. and one in South Korea across several business verticals,.....

6.8AI Score

2023-05-15 12:00 PM
16
talosblog

Threat Source newsletter (May 11, 2023) — So much for that ransomware decline

Welcome to this week's edition of the Threat Source newsletter. I wrote a few weeks ago about how, between the public and private sectors, the security community was making some strides in fighting back against ransomware. Reports indicate that revenue for ransomware actors was down in 2022, and...

9.8CVSS

10AI Score

0.97EPSS

2023-05-11 06:00 PM
22
wallarmlab

ChatGPT: Friend or Foe? | API Security Newsletter

Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools (e.g., ChatGPT) in cybersecurity. It – along with API Security – dominated the 2023 RSA Conference, and there’s plenty of digital ink being spilled on the topic. Be sure to...

9.8CVSS

8.8AI Score

0.003EPSS

2023-05-16 01:58 PM
33
malwarebytes

Sponsored Twitter post uses fake BBC News site to boost slippery oil trading app

A sponsored post on Twitter promises to offer the benefits of obtaining citizenship, but really just wants to lure you into some form of Forex trading AI scheme. This tangled web also includes faked BBC web pages and suspicious-looking website reviews to round the whole thing off. Shall we take a.....

6.8AI Score

2023-05-12 03:00 PM
7
talosblog

Threat Roundup for May 5 to May 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 5 and May 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.1AI Score

2023-05-12 07:59 PM
15
oraclelinux

qemu-kvm security, bug fix, and enhancement update

[7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-13] -...

6.5CVSS

7.7AI Score

0.002EPSS

2023-05-15 12:00 AM
152
malwarebytes

New Discord username policy raises user privacy fears

Discord, the Voice over IP (VoIP) and instant message communications tool, is changing how usernames function in a major way soon. Many users are not keen on this change at all. What is going on over there, and why are so many people concerned about the upcoming alterations? When Discord launched.....

6.7AI Score

2023-05-10 02:00 AM
7
schneier

Building Trustworthy AI

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine you're using an AI chatbot to plan a vacation. Did it suggest a particular resort because...

6.6AI Score

2023-05-11 11:17 AM
7
malwarebytes

The one and only password tip you need

OK, it's time for me to keep a promise. Back in October 2022, I wrote an article called Why (almost) everything we told you about passwords was wrong. The article summarizes how a lot of what you've been told about passwords over the years was either wrong (change your passwords as often as your...

7.1AI Score

2023-05-04 10:30 AM
5
packetstorm

8.8CVSS

6.9AI Score

0.022EPSS

2023-04-28 12:00 AM
237
malwarebytes

AI-powered content farms start clogging search results with ad-stuffed spam

A recent study by NewsGuard, trackers of online misinformation, makes some alarming discoveries about the role of artificial intelligence (AI) in content farm generation. If you've previously held your nose at the content mill grind, it's probably going to become a lot more unpleasant. Content...

6.6AI Score

2023-05-04 01:30 PM
8
rapid7blog

Introducing: ‘Saved Filters’ in InsightCloudSec

Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....

6.7AI Score

2023-05-18 08:04 PM
31
talosblog

Threat Source newsletter (May 4, 2023) — Recapping the biggest headlines to come out of RSA

Welcome to this week's edition of the Threat Source newsletter. I didn't attend the RSA Conference in person, and on top of that, I was at the NFL Draft while the conference was going on. I'm behind on the biggest talks, panels and presentations that came out during the annual security conference,....

6.9AI Score

2023-05-04 06:00 PM
13
talosblog

Threat Roundup for April 28 to May 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 28 and May 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,.....

7.7AI Score

2023-05-05 09:25 PM
10
malwarebytes

World Password Day must die

The continued existence of World Password Day is a tell that something has gone badly wrong in cybersecurity. Now in its tenth year, the day is supposed to act as an annual reminder for people to follow good password hygiene: Don't reuse passwords; use long passwords; no, longer passwords than...

7.1AI Score

2023-05-04 10:30 AM
8
krebs

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network's chief...

6.6AI Score

2023-05-02 10:08 PM
8
schneier

AI to Aid Democracy

There's good reason to fear that AI systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated argument. People might fall down political rabbit holes, taken in by superficially convincing bullshit, or obsessed by folies à deux...

6.8AI Score

2023-04-26 10:51 AM
11
rapid7blog

AppDomain Manager Injection: New Techniques For Red Teams

AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft.NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET...

7.7AI Score

2023-05-05 04:39 PM
22
talosblog

Threat Roundup for April 21 to April 28

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 21 and April 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.4AI Score

2023-04-28 09:38 PM
30
schneier

EFF on the UN Cybercrime Treaty

EFF has a good explainer on the problems with the new UN Cybercrime Treaty, currently being negotiated in Vienna. The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and...

6.8AI Score

2023-04-19 10:07 AM
12
securelist

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...

7.6AI Score

2023-04-27 10:00 AM
35
spring

This Week in Spring - April 25th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? I'm en route to Bangalore, India, via Frankfurt, for the Developer Summit 2023 edition. It's going to be a ton of fun, and I hope you won't miss it! Spring Boot 3.1.0-RC1 available now One of the most...

9.8CVSS

8.9AI Score

0.007EPSS

2023-04-25 12:00 AM
18
avleonov

Vulristics News: EPSS v3 Support, Integration into Cloud Advisor

Hello everyone! This episode will focus on the news from my open source Vulristics project for vulnerability analysis and prioritization. Alternative video link (for Russia): https://vk.com/video-149273431_456239122 EPSS v3 The third iteration of the Exploit Prediction Scoring System (EPSS) was...

9.8CVSS

9.7AI Score

0.563EPSS

2023-04-23 11:11 PM
33
malwarebytes

FTC tackles tech support scams by chasing payment processor firms

A multinational payment processing company and two of its executives are facing a potential $650k fine as a result of allegedly processing credit card payments for tech support scammers. While this fine isn't exactly massive in comparison to some of the privacy breaches and other incidents seen...

6.5AI Score

2023-04-20 02:00 AM
4
ubuntu

LibreOffice vulnerability

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages libreoffice - Office productivity suite Details It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current...

7.8CVSS

7.8AI Score

0.001EPSS

2023-04-17 12:00 AM
28
malwarebytes

Avoid this "lost injured dog" Facebook hoax

Facebook users are advised to be wary of posts involving injured dogs receiving treatment at a vet surgery, or pets sitting next to people post-operation adorned with bandages and plaster casts. The dog-themed missives all follow a similar format, with the primary change between them being the...

6.6AI Score

2023-04-18 03:00 AM
15
nessus

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-060)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-060 advisory. The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which...

9.6AI Score

0.009EPSS

2023-03-21 12:00 AM
88
rapid7blog

New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022

James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...

6.6AI Score

2023-04-27 03:35 PM
14
krebs

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening...

6.6AI Score

2023-04-21 01:05 AM
23
packetstorm

6.8AI Score

2023-04-10 12:00 AM
148
talosblog

State-sponsored campaigns target global network infrastructure

Cisco is deeply concerned by an increase in the rate of high-sophistication attacks on network infrastructure -- that we have observed and have seen corroborated by numerous reports issued by various intelligence organizations -- indicating state-sponsored actors are targeting routers and...

8.8CVSS

9.1AI Score

0.015EPSS

2023-04-18 03:02 PM
17
malwarebytes

Instagram scam promises money in exchange for your image

We're seeing a number of complaints on Reddit and elsewhere regarding a scam which flares up every so often. It's called the "Muse scam", and targets users of Instagram. Let's hear from one of the Reddit posters impacted: An artist approached me on Instagram asking if they could use one of my...

6.4AI Score

2023-04-19 01:00 AM
4
talosblog

Threat Roundup for April 14 to April 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 14 and April 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.4AI Score

2023-04-21 08:44 PM
21
exploitdb

7.4AI Score

2023-04-08 12:00 AM
143
osv

Apache Log4j Remote Code Execution

Impact Opencast uses an Apache Log4j2 version which, combined with older JDK versions, can be used for remote code execution attacks which have been found to be actively exploited. Apache Log4j2 <=2.14.1 JNDI features is not sufficiently protected. An attacker who can control log messages or log...

10CVSS

4.4AI Score

0.976EPSS

2021-12-14 09:07 PM
309
Total number of security vulnerabilities: 11499