Finally got #Lazarus set up again (thanks to #fpcupdeluxe) on 32bit #HaikuOS, now #CudaText is on par again with latest release 1.212.0.1 for both 32bit and 64bit.
Releases should be in the depot for install later, meanwhile you can grab them from:
And it's live! :) #Lazarus 3.2 for #HaikuOS 64bit can now be installed through our packagemanagers. Enjoy!
Prebuilt binaries are also online at: https://codeberg.org/Begasus/Lazarus_Haiku (there is also a buildscript there that can build your local copy, you will need to have the #fpc and #fpc_source packages installed though). Running "make LCL_PLATFORM=qt6" in the sourcetree for lazarus also works (you can change that to Qt5 also).
OK, while 32bit probably will have to be done through #fpcupdeluxe to get #Lazarus up and running, on 64bit switched build to #Qt6 and packaged it for #HaikuOS, checking up with #CudaText latest release still good! :D
#Lazarus Group's evolving cyber tactics target #macOS systems by combining elements from multiple #malware campaigns (like RustBucket and KANDYKORN) for better effectiveness and to avoid detection.
🚨 ALERT: BlueNoroff, linked to North Korea's #Lazarus Group, launches macOS #malware called ObjCShellz. Learn about its use in RustBucket and how to protect your systems.
Watch out crypto investors and blockchain engineers: North Korea's #Lazarus hacker group is using new #KandyKorn macOS malware for crypto and data theft.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #43/2023 is out! It includes the following and much more:
➝ 🇺🇸 🎰 Hackers that breached Las Vegas casinos rely on violent threats, research shows
➝ 🔓 🇺🇸 University of Michigan employee, student data stolen in #cyberattack
➝ 🔓 #1Password discloses security incident linked to #Okta breach
➝ 🇺🇸 Cyber attacks hit NY state #casino operation, two Hudson Valley hospitals
➝ 🇺🇸 🗳️ D.C. Board of Elections: Hackers may have breached entire voter roll
➝ 🔓 🇮🇪 Thousands of drivers have sensitive data exposed to hackers in major IT #breach
➝ 🇷🇺 📨 Pro-Russia hackers target inboxes with #0day in webmail app used by millions
➝ 🇫🇷 🇷🇺 #France says Russian state hackers breached numerous critical networks
➝ 🇳🇬 Nigerian Police dismantle #cybercrime recruitment, mentoring hub
➝ 🇵🇸 💸 #Palestine #crypto donation scams emerge amid Israel-Hamas war
➝ 🇪🇸 👮🏻‍♂️ #Spain arrests 34 #cybercriminals who stole data of 4 million people
➝ 🇨🇦 🇨🇳 #Canada: Lawmakers Targeted by China-Linked ‘#Spamouflage’ Disinformation
➝ 🇺🇸 🇷🇺 Ex-NSA Employee Pleads Guilty to Leaking Classified Data to #Russia
➝ 🦠 🇰🇵 N. Korean #Lazarus Group Targets Software Vendor Using Known Flaws
➝ 🦠 🇮🇷 Iranian Group #Tortoiseshell Launches New Wave of IMAPLoader #Malware Attacks
➝ 🦠 🪰 #StripedFly malware framework infects 1 million #Windows, #Linux hosts
➝ 🦠 📱 #iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
➝ 🔓 📱 #Samsung Galaxy S23 hacked two more times at #Pwn2Own Toronto
➝ 🔓 Critical #OAuth Flaws Uncovered in #Grammarly, #Vidio, and #Bukalapak Platforms
➝ 🔓 🩺 Critical Flaw in NextGen's Mirth Connect Could Expose #Healthcare Data
➝ 🔓 #F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP
➝ 🔓 🍏 Hackers can force iOS and #macOS browsers to divulge #passwords and much more
➝ 🩹 #Citrix warns admins to patch #NetScaler CVE-2023-4966 bug immediately
➝ 🔓 ✌🏻 #Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops
➝ 🔓 Critical RCE flaws found in #SolarWinds access audit solution
📚 This week's recommended reading is: "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World" by Bruce Schneier
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
🚨 #Korean hacking group #Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data and execute commands.
Another way of implementing BYOVD to evade EDRs. MATA, linked to Lazarus, uses CallBackHell as an LPE exploit against CVE-2021-40449 to either execute with SYSTEM privileges or wipe pointers to kernel callback routines related to process/thread creation within specific drivers. Endpoint security products are then unable to monitor specific behavior.
If a system patched that vulnerability, a second tool is used. This one takes two arguments: a driver file path and antivirus name to target. The driver used is ene.sys, developed by ENE Technology.
It is becoming increasingly common to pair "EDR Evasion" with "BYOVD"
Report reveals #Lazarus Group, tied to North Korea, involved in $900 million cross-chain bridge laundering spree. As mixers face scrutiny, crypto criminals shift tactics.
The Lazarus Group, a cybercrime gang associated with the North Korean government, has been identified as the perpetrator of an attack on a Spanish aerospace firm. This attack utilized a new piece of malware called "LightlessCan." The hackers posed as recruiters from Meta (formerly Facebook) on LinkedIn, offering coding challenges that, when downloaded and printed, triggered a payload and installed the malware. ESET, a cybersecurity firm, believes the goal of the attack was espionage. LightlessCan is an upgraded version of a previously used remote access Trojan known as BlindingCan, featuring 68 commands, although only 43 appear to be implemented. The malware can mimic Windows commands and execute them discreetly, making it harder to detect.