@campuscodi@mastodon.social

campuscodi


Cybersecurity reporter for Risky Business

#infosec #cybersecurity #security


campuscodi, to infosec

David Ross, one of the early pioneers of browser security research, has passed away, his family announced on Twitter.

In 1999, together with Georgi Guninski, he authored the first paper on XSS attacks named "Script Injection".

He also worked on implementing X-Frame-Options in Internet Explorer.

https://x.com/randomdross/status/1799284146231185584

campuscodi, to infosec

The Cyber Partisans say they hacked the Belarusian State University.

The group claims it obtained documents and audio records from the university's internal network showing how its leadership dismissed staff and students who participated in anti-government protests.

The files show that the university declined to admit new students who participated in protests and left comments online against the dictatorship.

https://www.by.cpartisans.org/en/post/bsu-uncut-2020-2024-part-1 #infosec #cybersecurity #security

campuscodi, to infosec

Analyst1 has published a report that looks at the history of a ransomware operation named RansomHouse.

Researchers say the platform has been used by threat actors with links to ransomware gangs such as White Rabbit, Mario ESXi, RagnarLocker, and Dark Angels (Dunghill Leak).

https://analyst1.com/ransomhouse-stolen-data-market-influence-operations-amp-other-tricks-up-the-sleeve/

Not to be confused with RansomHub, which is a different ransomware group.

campuscodi, to infosec

The threat actor behind the Kuiper ransomware tried to sell its source code on the XSS hacking forums only to get immediately banned back in April

https://x.com/Libranalysis/status/1778036668236222483

campuscodi, (edited ) to random

The EU Agency for Law Enforcement Training (CEPOL) says it was the victim of a cyberattack:

https://www.cepol.europa.eu/newsroom/news/cyber-incident-eu-agency-law-enforcement-training-cepol

campuscodi, to random

I'm gonna take a wild guess and say probably because the US is one giant country and there's 102,194 different languages in Europe... also previously divided by an "Iron Curtain"

Might be wrong :tinking: :SMOrc:

campuscodi, (edited ) to random

Security firm watchTowr has published its own analysis of CVE-2024-4577, a PHP-CGI vulnerability impacting Windows systems: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

The bug was initially discovered by DEVCORE: https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/

watchTowr has also released proof-of-concept code: https://github.com/watchtowrlabs/CVE-2024-4577

campuscodi, to random

Talks from the Privacy Camp 2024 security conference, which took place this January, are available on YouTube

https://www.youtube.com/playlist?list=PLGeR6jS_7N7d0O9TKMDQwta-fZ_mN4ors

campuscodi, to random

Newsletter: https://news.risky.biz/risky-biz-news-interpol-plugs-red-notices-leak/
Podcast: https://risky.biz/RBNEWS298/

-Interpol plugs Red Notices leak
-Kaspersky says Apple didn't pay bounty for Triangulation report
-Medibank faces monumental fine
-CISA named as first-ever CVE ADP
-Dubai hit by ransomware attack
-Disney hacked for ClubPenguin data
-Cisco fixes bug used by German journalists
-iPhone 15 to have only 5 years of security updates
-FCC gives $200mil to schools for cyber
-New Conti member detained
-Epsilon hacker detained in FR

campuscodi,

Plus:
-New GitHub repo-wiping attacks
-WatchGuard VPNs see brute-force attacks
-Malware reports on Dama, Muhstik, Commando Cat, PlugX, DarkGate, Seidr, TargetCompany, RansomHub, Fog
-APT reports on Mustang Panda, Crimson Palace, Sapphire Werewolf, Vermin, ExCobalt
-Israel govt paid for disinfo campaign
-Russian disinfo ops are everywhere these days
-Security updates for RoR, Elastic, SolarWinds
-Vuln reports in PHP-CGI, HugeGraph
-Telerik servers under attack
-Cyber job shortage not as bad in US

campuscodi, to random

For infosec practitioners who follow or run Twitch cybersecurity channels, Twitch is changing Tier 1 monthly subscription prices from $4.99 to $5.99 per month on July 11.

https://help.twitch.tv/s/article/local-sub-price-countries?language=en_US

campuscodi, to random

The FCC has allocated $200 million to fund the acquisition of cybersecurity services and products at K-12 schools and libraries.

The funds will be made available in the next three years through the FCC E-Rate program. Prior to this year, E-Rate funds could previously only be used to purchase internet subscriptions and networking devices.

https://www.fcc.gov/document/fcc-adopts-200m-cybersecurity-pilot-program-schools-libraries

campuscodi, to random

French authorities have detained a 16-year-old teen for running a malware rental business.

The teen used nicknames such as ChatNoir and Cap and was part of the Epsilon hacker group that breached the Altice French multinational earlier this year.

According to posts on the group's Telegram channel, the teenager appears to be behind the WaveStealer malware.

https://www.lemonde.fr/pixels/article/2024/06/05/cybercriminalite-un-adolescent-interpelle-dans-l-enquete-sur-le-groupe-de-pirates-epsilon_6237496_4408996.html

campuscodi, (edited ) to random

FCC passes rules to require broadband providers to file confidential reports on BGP defenses they have or plan to use

https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements

campuscodi, (edited ) to random

Ukraine's GUR military intelligence agency took credit for a series of DDoS attacks that targeted the websites and systems of multiple Russian government agencies

https://www.pravda.com.ua/news/2024/06/5/7459288/

campuscodi, (edited ) to random

Russian independent news outlet Meduza is warning that Russian propagandists are pushing disinformation using misleading cutouts of its (and others') content.

https://meduza.io/en/feature/2024/06/05/we-thought-we-d-return-the-favor

campuscodi, to random

Ukraine's CERT team says a threat actor it tracks as UAC-0020 (Vermin) is targeting its military with spear-phishing attacks designed to deliver the SPECTR infostealer.

The group has returned with new attacks after first being spotted in March 2022, shortly after Russia's invasion of Ukraine.

Officials claim the Vermin group receives orders from law enforcement agencies in the Luhansk occupied territory.

https://cert.gov.ua/article/6279600

campuscodi, to random

Security firm Ambionics open-sourced Scalpel, a Burp extension for intercepting and rewriting HTTP traffic

https://www.ambionics.io/blog/scalpel

https://github.com/ambionics/scalpel/

campuscodi, to random

NIST's CyberSeek project says the US still needs over 225,000 professionals to close its cybersecurity workforce shortage.

The agency says that only 85% of the 1.2 million cybersecurity jobs in the US are occupied.

https://www.securityweek.com/225000-more-cybersecurity-workers-needed-in-us-cyberseek/

Interactive map: https://www.cyberseek.org/heatmap.html

campuscodi, to random

A team of Chinese academics has discovered a security flaw in the design of RISC-V SonicBOOM processors: https://www.nwpu.edu.cn/info/1198/86148.htm

Technical details are available here:

https://mp.weixin.qq.com/s/ke8tBpJ7NpvUEAecov--UQ

campuscodi, to random

Positive Technologies has published a report on ExCobalt, a former cybercrime group that is now conducting cyber-espionage operations against Russian targets. The group's latest attacks involved the use of a Go-based backdoor named GoRed.

https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/preview/ex-cobalt-go-red-tehnika-skrytogo-tunnelya/

ExCobalt appears to be related to an APT that Rostelecom tracks as Shedding Zmiy.

https://rt-solar.ru/solar-4rays/blog/4333/

campuscodi, to random

According to reports from the New York Times and Haaretz, the Israel Ministry of Diaspora Affairs paid a private company named STOIC $2 million for a social media influence campaign that targeted US politicians. (1/2)

https://www.nytimes.com/2024/06/05/technology/israel-campaign-gaza-social-media.html


campuscodi,

(2/2)

The campaign launched a month after the Hamas October 7 attack and targeted at least 128 members of the US Congress. According to disinformation experts, social media accounts controlled by STOIC targeted US lawmakers with pro-Israeli propaganda and anti-Arab views. STOIC's campaign was also spotted and disrupted by Meta and OpenAI earlier this month.

PDF: https://fakereporter.net/pdf/pro-Israeli_influence_network-new_findings-0624.pdf

campuscodi, to random

Privacy organization noyb has asked data protection agencies in 11 EU countries to investigate Meta for its plan to use Facebook user data to train its AI

https://noyb.eu/en/noyb-urges-11-dpas-immediately-stop-metas-abuse-personal-data-ai
