Zero-day attacks are on the rise. Can patches keep up? https://securityintelligence.com/articles/zero-day-attacks-are-on-the-rise-can-patches-keep-up/?utm_source=dlvr.it&utm_medium=mastodon #CyberNews #Tweetaboutthis
"The UK is sounding the alarm over China: an existential threat": cybernews
"Without swift and decisive action, the UK is 'on a path to a nightmare scenario in which China steals the blueprints, sets the standards, manufactures the products, and exerts political and economic influence at every stage,' a UK parliamentary committee concludes in an alarming report."
A remarkable level of alarm is being expressed, and from the UK, far away from China. These are difficult times. This is the first time I have cited this source.
#prattohome #cybernews #UK #China #alert
IT researchers from #Cybernews have discovered an open Amazon Web Services (AWS) cloud instance. It held more than 360,000 files, freely accessible. The IT forensic analysts were able to attribute the files to the company #Pflegia.
#dataprotection #security #administration #forensics
The #ZeroDayCon #securityconference was a successful #cyberdefense and #cyberawareness #event with a strong focus on international #collaboration against #cyberattack. My #IrishTechNews review of the #event is now out at https://irishtechnews.ie/cooperation-on-cybersecurity-zeroday-conference/ #secops #cybernews
📬 Tutanota vs. ProtonMail – a provider comparison is stirring up tempers
#Internet #Kurznotiert #CyberNews #OpenSource #protonmail #ProtonPrivacy #Richtigstellung #Tutanota #TutanotaMail https://tarnkappe.info/artikel/internet/tutanota-vs-protonmail-ein-anbietervergleich-erhitzt-die-gemueter-270055.html
Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you a hand - catch up on the week's infosec news with the latest issue of our newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf
#Emotet are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they're sticking with their tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.
We’ve highlighted a report on the Xenomorph #Android Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?
North Korean hackers have demonstrated yet again that they're tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging #Microsoft #Intune to deliver payloads and an in-memory dropper to abuse the #BYOVD technique and evade EDR solutions.
A joint investigation by #Mandiant and #SonicWall has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by #Fortinet this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.
#HiatusRAT is a novel malware targeting #DrayTek routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent #BatLoader and #Qakbot campaigns are also worth taking note of, as is #GoBruteforcer, a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.
Those in Vulnerability Management should take particular note of the #Veeam vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the #VMWare Cloud Foundation product in the last two months, so make sure you’re patched against it.
#Redteam members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines #CobaltStrike's reflective loading capability.
The #blueteam has some great tradecraft tips from @inversecos on #Azure DFIR, as well as tools to help scan websites for malicious objects, and to combat the new #Stealc #infostealer and well-established Raccoon Stealer.
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #mdm #dprk #FortiOS #FortiProxy
[CyberLand News] Weekly Threats and Malware
> #UNC2970 #UNC577 #UNC4034 #malware
> #Emotet #botnet
> #CISA #VMWare #vulnerability #CVE-2021-39144
> #GoBruteforcer #malware #botnet (#Golang)
#cybernews #cybersecurity #infosec #cyberattack #CyberThreat
https://tribalsec.substack.com/p/cyberland-news-weekly-threats-and-504
The prolific #Emotet malware - tracked under the actor #MummySpider and #TA542 - is back after a 3 month break, delivering inflated (~500MB) macro-enabled Word documents via invoice-themed Phishing emails.
The Word documents are contained in a password protected archive, and once opened and the malicious content is enabled, will download the Emotet payload - a similarly bloated dll file, designed to bypass automated scanning solutions that typically can't process large files.
Malware analyst Max Malyutin has a great summary of the ATT&CK techniques and IOCs seen in this campaign so far: https://twitter.com/Max_Mal_/status/1633102894328168448?t=Kn9N3dUIcqul_TTCu1aqzQ&s=19
Analysts may find debloat - a tool that strips guff from intentionally bloated executables - useful in processing samples: https://github.com/Squiblydoo/debloat
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #security #technology #malware #soc #threatintel #threatintelligence #phishing
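The null-byte padding mentioned in the earlier Emotet item and the ~500MB bloated documents and DLLs described above work because many scanners skip or time out on large files, and because every padded copy has a different file hash. The following Python is an added example (not code from the newsletter, and not the debloat project's code) of the basic triage step an analyst would run: measure the trailing padding, strip it, and hash the core so that samples that differ only in padding can be matched. The sample bytes are constructed for this example and stand in for a real executable; the padding length is scaled down from the hundreds of megabytes seen in the wild.

```python
"""Strip trailing null-byte padding from an artificially bloated sample.

Added example, not code from the newsletter or from the debloat project.
The payload below is a constructed stand-in for a PE/DLL, not a real artefact.
"""
import hashlib

# Constructed stand-in for a real executable. It deliberately ends in a
# non-zero byte so the trailing-pad measurement is unambiguous.
PAYLOAD = b"MZ" + bytes(range(256)) * 4 + b"end-of-real-content"


def build_bloated_sample(payload: bytes, pad_len: int, pad_byte: bytes = b"\x00") -> bytes:
    """Append pad_len copies of pad_byte, mimicking the bloating trick (scaled down)."""
    return payload + pad_byte * pad_len


def measure_trailing_pad(data: bytes, pad_byte: bytes = b"\x00") -> int:
    """Count how many copies of pad_byte sit at the very end of the file."""
    return len(data) - len(data.rstrip(pad_byte))


def debloat(data: bytes, pad_byte: bytes = b"\x00", min_pad: int = 4096) -> bytes:
    """Return data with trailing padding removed, but only if the run is at least
    min_pad bytes long. Short runs of trailing zeros are normal in PE files
    (section alignment), so stripping them would alter a legitimate sample.
    Caveat: if the real payload itself ends in pad_byte, those bytes are lost
    too; compare against a known-good copy before trusting the core hash."""
    pad = measure_trailing_pad(data, pad_byte)
    if pad < min_pad:
        return data
    return data[: len(data) - pad]


def triage(data: bytes, pad_byte: bytes = b"\x00") -> dict:
    """Summarise a sample: on-disk size, core size after debloating, padding
    ratio, and both the full-file hash and the core hash used for IOC matching."""
    core = debloat(data, pad_byte)
    pad_bytes = len(data) - len(core)
    return {
        "size": len(data),
        "core_size": len(core),
        "pad_bytes": pad_bytes,
        "pad_ratio": round(pad_bytes / len(data), 3) if data else 0.0,
        "sha256": hashlib.sha256(data).hexdigest(),
        "core_sha256": hashlib.sha256(core).hexdigest(),
    }


if __name__ == "__main__":
    # Two bloated copies with different padding lengths: different file hashes,
    # same core hash, which is the value worth sharing as an indicator.
    for pad_len in (50_000, 60_000):
        sample = build_bloated_sample(PAYLOAD, pad_len)
        info = triage(sample)
        print(f"pad={info['pad_bytes']} ratio={info['pad_ratio']} "
              f"sha256={info['sha256'][:16]}... core={info['core_sha256'][:16]}...")
```

A high pad ratio on its own is a useful hunting signal: a document or DLL that is mostly a single repeated byte is far more likely to be evasion than a legitimate build, and the core hash is the one to pivot on in threat intel feeds.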
Last week's reporting gave a great insight into the level of innovation going on in the cyber crime ecosystem - C2 over MQTT, crypters delivering payloads over SQL connections, and UEFI bootkits that bypass Windows Secure Boot! We've pulled it all together, just for you:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-3fd
The BlackLotus #Bootkit has been upgraded to exploit a vulnerability in Microsoft's Secure Boot Mechanism, allowing it to persist on fully patched Windows 11 systems. This is enabled in no small part by the failure to update the UEFI revocation list, which allowed the bootkit author to simply load and exploit the vulnerable UEFI components on target systems.
Australia's cyber security laws were "bloody useless" in helping mitigate the Optus and Medibank breaches of 2022, according to the government's Home Affairs Minister. A new "national cyber office", reforms to Critical Infrastructure security laws, and a new Cyber Security Act are all on the table for discussion.
Zscaler analysts have picked up on the Snip3 crypter, a Crypter-as-a-Service offering which uses multiple obfuscated stages; an AMSI Bypass, and SQL queries to circumvent security controls.
Sysdig share insights from a sophisticated #AWS-centric campaign; ESET have uncovered a new backdoor used by China's Mustang Panda (#APT27) which implements C2 over MQTT, and Team Cymru have again picked apart #IcedID's infrastructure to identify key TTPs.
Some interesting supply chain vulnerabilities this week, with bugs found in the ZK web app framework and Trusted Platform Module (TPM) having the potential to affect an untold number of applications and devices.
#Redteam members will get a kick out of DroppedConnection - a PoC that mimics Cisco AnyConnect VPN to siphon credentials and serve up malware to unwitting victims.
The #blueteam can look forward to some tips for GCP DFIR, bypassing malware geo-fencing, and tracking cyber criminal infrastructure.
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-3fd
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #criticalinfrastructure #breach #privacy #Australia #crypter
Find your Monday motivation with a recap of last week's infosec news - with vulnerabilities to patch and new research to read up on, there's plenty to help warm up the old noggin' before diving into another week:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-991
#Microsoft have helpfully suggested patching a bunch of security exceptions it previously recommended making for earlier versions of #Exchange, as they're no longer necessary and - oh yeah - because actors have also been actively abusing it to drop backdoors for years!
Stealc is a new, and in-demand Malware-as-a-Service offering on the Dark Web. The infostealer has received three major updates in the month since its release, and comes with all the major features a cyber crim could wish for to pilfer data and deliver additional stages.
A personal favourite from last week - #LockBit realised a little too late that the Royal Mail negotiator had - in their words - "bamboozled" them throughout their extortion attempts. A real masterclass in how to handle a ransomware negotiation.
VulnCheck have reported finding 7.5k #Grafana instances on the internet that were vulnerable to a 2021 directory traversal vulnerability. This was lost in the hysteria around Log4Shell which emerged just days later, but can still be abused to write content to disk, or simply wipe the entire database altogether.
The #FortiNAC vulnerability from the week before has come under widespread attack after a working exploit was released by researchers just two business days after the vulnerability was disclosed. Assume breach, patch, and hunt if you're not on top of this already.
For the #redteam, there's a cool BOF implementation of a Threadless process injection technique presented at BSides Cymru this year.
It's been a good week for the #blueteam, with research and tools to help in detecting Cobalt Strike's Fork&Run procedure, a number of malware families and FOSS C2 frameworks, and more.
Good luck, and happy hunting!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-991
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #Fortinet #CobaltStrike #DarkWeb
Security research company Horizon3 released a proof-of-concept (PoC) exploit for a vulnerability in the Fortinet FortiNAC appliance, just two business days after the vendor notified customers of its existence.
The PoC allows an attacker to write arbitrary files to disk, and was seized upon by malicious actors who - just one day later - were seen deploying web shells on vulnerable appliances in-the-wild.
While security research is an undeniably important component of Cyber Security, its participants are often on the bleeding edge of offensive tradecraft, and need to be cautious that their research isn't abused by bad actors.
Allowing organisations just two business days to patch a vulnerability before releasing a fully-functional exploit into the wild does not meet that standard.
This isn't a criticism of Horizon3 themselves, but a reminder that organisations take time to discover and patch vulnerabilities, and security researchers need to be mindful of this - especially when publishing offensive tooling.
https://opalsec.substack.com/p/poc-leak-swiftly-followed-by-widespread?sd=pf
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #redteam #soc #threatintel #threatintelligence #poc #exploit #Fortinet #FortiNAC #securityresearch
Happy Monday, folks! It's time to shake off the cobwebs, so strap yourselves in and get your reading glasses out - here's a wrap-up of the week's infosec news, just for you: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
Australia's mandatory reporting laws for Critical Infrastructure operators got their first win last week, with the CISC revealing 47 cyber incidents were reported in the 8 months to December last year. Congrats, but what does that actually mean?
#GoDaddy finally twigged to a multi-year compromise of their networks, after users reported odd redirects impacting their website visitors. Turns out they'd likely been owned since at least March 2020, and appear to have failed to evict the attackers at least twice.
Havoc is the latest C2 framework to be thrown in anger, this time against a government target and in a multi-staged delivery chain which featured several evasive measures. Seems like Sliver and Brute Ratel may soon be in good company!
Symantec researchers have unearthed Frebniis - a stealthy IIS backdoor, novel for its hooking of a legitimate feature to covertly intercept attacker tasking.
A number of critical bugs in #Fortinet, #Apple, and #Citrix have been squashed - just make sure you know which ones, and apply those patches!
#redteam members are in for a treat, with a new Nim-based implant to play with and the OffensivePipeline tool to help automate obfuscation.
The #blueteam can look forward to a detailed look at attacks on #ESXi and how to mitigate it, as well as Hunt recommendations for evilginx2, and an update to Microsoft #Defender for Identity to help identify #ADCS abuse.
As always, there's literally dozens more research articles on threat actor activity and tradecraft that I can't summarise here, so make sure you take a look at this week's issue of SOC Goulash and get yourself up to speed!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #SliverC2 #BruteRatel #criticalinfrastructure
You are invited to join us on February 16th for a webinar discussing: Mandatory Cyber Incident Reporting Requirements are Good for Business.
Speakers: Joe Levy Sophos; Imelda Flores Scitum S.A. de C.V.; Raj Samani Rapid7; and J. Michael Daniel Cyber Threat Alliance
Register: https://lnkd.in/gmDii36b
Many countries are implementing mandatory cyber incident reporting requirements, including the US, EU, Australia, and India. While the typical private sector instinct might be to oppose such rules, properly drafted reporting requirements will ultimately benefit the business community. Governments and cybersecurity providers can use the resulting information to provide tailored assistance, generate better warnings to similarly situated companies, understand the total burden cybercrime is placing on the economy, and determine whether policies are having their intended effects.
https://us06web.zoom.us/webinar/register/WN_LCQV9cKuTzmuA5ODKRryHg
#cybersecurity #cyber #infosecurity #CISO #CTO #cyberattacks #cybernews #incidentresponse #incidents #incidentinvestigation #infosec #cybercrime #threatintelligence
This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worse yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.
PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.
Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and the little-known AutoHotKey scripting language to cherry pick their targets.
#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.
#BlueTeam - check out a list of resources that popped up last week to help analyse #AsyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques.
Happy reading, and happy Monday!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi
Hackers target US telecommunications firms, leak consumer data #cyber #cybernews #usa #telecom #hack #leak https://cybernews.com/news/hackers-target-us-telecommunications-firms/
This week's wrap-up of infosec news is out, just in time for your morning commute: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4af
#Qakbot have gotten in on the #OneNote action - turns out so too has every other threat actor under the sun.
Iran's #OilRig/#APT34 has been caught in the act, abusing the legitimate Password Filters feature to siphon creds, and exfiltrating them via compromised mail channels.
Some interesting techniques were observed in a recent #SocGholish campaign, including passively enumerating users through event logs and disabling Restricted Admin mode to enable the theft of creds from memory.
A series of vulnerabilities in the Fortra GoAnywhere MFT file transfer application, QNAP NAS appliances, and VMware ESXi servers should be top of your list this morning - make sure you're not exposed!
All that and much more, to help you shake off the cobwebs this Monday morning: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4af
#infosec #CyberAttack #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #poc
Here's the video. Rampant fake ads in your Google search results are leading to hacked accounts & money stolen. Here's what to watch for. #CyberNews #ScamAlert #CybersecurityAwareness
https://www.youtube.com/watch?v=fzfUk5lMJuc
My latest story: Attackers are infiltrating your Google search results with money-stealing ads. Here's what to watch for.
#cybernews #cybersecurity #scam
https://www.amperesec.com/newsarchive/attackers-are-infiltrating-your-google-search-results