/
...part of a business email compromise (BEC) phishing campaign:
https://any.run/cybersecurity-blog/phishing-incident-report/
Any.Run - Phishing Incident Report: Facts and Timeline ...part of a business email compromise (BEC) phishing campaign:
https://any.run/cybersecurity-blog/phishing-incident-report/
ANY.RUN's Cybersecurity Blog
Phishing Incident Report: Facts and Timeline - ANY.RUN's Cybersecurity Blog
We are providing the first results of our investigation into the recent incident and share a full account of the events with our community.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
OpenBLD.net Preventing: - Polyfill supply chain attack (hits 100K+ sites)
The
All IoC sent to💪
Attack details:
https://sansec.io/research/polyfill-supply-chain-attack
The
polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain...All IoC sent to
OpenBLD.net ecosystem Attack details:
https://sansec.io/research/polyfill-supply-chain-attack
Please open Telegram to view this post
VIEW IN TELEGRAM
/ The Growing Threat of Malware Concealed Behind Cloud Services
- Affected Platforms: Linux Distributions
- Impacted Users: Any organization
- Impact: Remote attackers gain control of the vulnerable systems
- Severity Level: High
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ. This shift in strategy presents significant challenges for detection and prevention, as cloud services provide scalability, anonymity, and resilience that traditional hosting methods lack..:
https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
- Affected Platforms: Linux Distributions
- Impacted Users: Any organization
- Impact: Remote attackers gain control of the vulnerable systems
- Severity Level: High
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ. This shift in strategy presents significant challenges for detection and prevention, as cloud services provide scalability, anonymity, and resilience that traditional hosting methods lack..:
https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
Fortinet Blog
The Growing Threat of Malware Concealed Behind Cloud Services
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers. Over the past month, FortiGuard Labs has been monitoring botne…
/ GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5
- Run pipelines as any user
- Private job artifacts can be accessed by any user
- Denial of service using a crafted OpenAPI file
- and more..
https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/
- Run pipelines as any user
- Private job artifacts can be accessed by any user
- Denial of service using a crafted OpenAPI file
- and more..
https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/
GitLab
GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5
Learn more about GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
Qualys
OpenSSH CVE-2024-6387 RCE Vulnerability: Risk & Mitigation | Qualys
CVE-2024-6387 exploit in OpenSSH poses remote unauthenticated code execution risks. Find out which versions are vulnerable and how to protect your systems.
/ Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
...Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure..:
https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
...Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure..:
https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
www.evasec.io
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications | E.V.A
Multiple vulnerabilities affecting the CocoaPods ecosystem, have been discovered, posing a major risk of supply chain attacks.
/ CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers...
The new versions of CapraRAT each use WebView to launch a URL to either YouTube or a mobile gaming site, CrazyGames[.]com. There is no indication that an app with the same name, Crazy Games, is weaponized as it does not require several key CapraRAT permissions, such as sending SMS, making calls, accessing contacts, or recording audio and video..:
https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
The new versions of CapraRAT each use WebView to launch a URL to either YouTube or a mobile gaming site, CrazyGames[.]com. There is no indication that an app with the same name, Crazy Games, is weaponized as it does not require several key CapraRAT permissions, such as sending SMS, making calls, accessing contacts, or recording audio and video..:
https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
SentinelOne
CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
SentinelLABS has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.
/ Microsoft will end new Office 365 connectors to Teams on August 15, October
https://devblogs.microsoft.com/microsoft365dev/retirement-of-office-365-connectors-within-microsoft-teams/
https://devblogs.microsoft.com/microsoft365dev/retirement-of-office-365-connectors-within-microsoft-teams/
Microsoft News
Retirement of Office 365 connectors within Microsoft Teams
Starting August 15, 2024 we will be retiring the Office 365 connectors feature from Microsoft Teams and recommend Power Automate workflows as a solution.
/ RockYou2024: 10 billion passwords leaked in the largest compilation of all time
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
Cybernews
RockYou2024: 10 billion passwords leaked in the largest compilation of all time
RockYou2024, the largest password compilation, leaked on a hacker forum.
/
On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 emails..:
https://blog.ethereum.org/2024/07/02/blog-incident
blog.ethereum.org mailing list incidentOn 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 emails..:
https://blog.ethereum.org/2024/07/02/blog-incident
Ethereum Foundation Blog
blog.ethereum.org mailing list incident | Ethereum Foundation Blog
/ Windows Hyper-V Elevation of Privilege Vulnerability
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080
/ Leaked access token with administrator access to Python’s GitHub repos
The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub..:
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub..:
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
JFrog
Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker…
/ Patch or Peril: A Veeam vulnerability incident
...this detailed analysis highlights how quickly the threat actors practiced the exploitation of the recently disclosed CVE-2023-27532 vulnerability (March 2023) to target unpatched Veeam Backup & Replication Software. The blog provides an overview of the attacker’s tactics, techniques, and procedures (TTPs)..:
https://www.group-ib.com/blog/estate-ransomware/
...this detailed analysis highlights how quickly the threat actors practiced the exploitation of the recently disclosed CVE-2023-27532 vulnerability (March 2023) to target unpatched Veeam Backup & Replication Software. The blog provides an overview of the attacker’s tactics, techniques, and procedures (TTPs)..:
https://www.group-ib.com/blog/estate-ransomware/
Group-IB
Patch or Peril: A Veeam vulnerability incident
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences.
/ Apple warns iPhone users in 98 countries of spyware attacks
https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/
https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/
TechCrunch
Apple warns iPhone users in 98 countries of spyware attacks | TechCrunch
Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It's the Apple issued threat notifications to iPhone users across 98 countries, warning them of spyware attacks.
/ “Nearly all” AT&T customers had phone records stolen in new data breach disclosure
Operatotors record all messsages and calls? It's unpleasant when it all flows out..
https://www.malwarebytes.com/blog/news/2024/07/nearly-all-att-customers-had-phone-records-stolen-in-new-data-breach-disclosure
Operatotors record all messsages and calls? It's unpleasant when it all flows out..
https://www.malwarebytes.com/blog/news/2024/07/nearly-all-att-customers-had-phone-records-stolen-in-new-data-breach-disclosure
Malwarebytes
“Nearly all” AT&T customers had phone records stolen in new data breach disclosure
AT&T has told customers about yet another data breach. This time call and text records of nearly all customers were stolen.
/ Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks
https://www.trendmicro.com/en_id/research/24/g/CVE-2024-38112-void-banshee.html
https://www.trendmicro.com/en_id/research/24/g/CVE-2024-38112-void-banshee.html
Trend Micro
CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ SEG vs. SEG: How Threat Actors are Pitting Email Security Products Against Each Other With Encoded URLs
https://cofense.com/blog/seg-vs-seg-how-threat-actors-are-pitting-email-security-products-against-each-other/
https://cofense.com/blog/seg-vs-seg-how-threat-actors-are-pitting-email-security-products-against-each-other/
Cofense
SEG vs. SEG: How Threat Actors are Pitting Email Security
Discover how threat actors are increasingly exploiting SEG-encoded URLs to bypass email security measures. Learn how these tactics lead to malicious emails evading proper scanning, putting recipients
/ New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
TECHCOMMUNITY.MICROSOFT.COM
New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints | Microsoft Community Hub
Steps for how to access and use the new recovery tool Microsoft created - updated on July 31, July 23, July 22, and July 21. The tool provides two recovery...
/ EvilVideo: Telegram app for Android targeted by zero-day exploit sending malicious videos
https://www.eset.com/uk/about/newsroom/press-releases/set-research-discovers-evilvideo-telegram-app-for-android-targeted-by-zero-day-exploit-sending-malicious-videos/
https://www.eset.com/uk/about/newsroom/press-releases/set-research-discovers-evilvideo-telegram-app-for-android-targeted-by-zero-day-exploit-sending-malicious-videos/