
campuscodi

@campuscodi@mastodon.social

Cybersecurity reporter for Risky Business

#infosec #cybersecurity #security


campuscodi, to random

Newsletter: https://news.risky.biz/risky-biz-news-ir-reports-are-not-protected-documents-multiple-judges-rule/
Podcast: https://risky.biz/RBNEWS294/

-IR reports are not protected documents, multiple judges rule
-US sanctions Chinese nationals behind 911S5 proxy botnet
-MediSecure asks for a government bailout
-Check Point VPNs are under attack
-Ransomware hits Russian delivery service CDEK
-Ransomware hits Belgian ride-sharing app Mpact
-Rav-Rx paid a ransomware gang
-Data leak exposes Google Search internal docs
-OpenAI creates Safety Board
-Pegasus widely used in Rwanda

campuscodi,

Plus:

-Thailand launches Cyber Command unit
-US govt agencies to adopt RPKI
-Scattered Spider membership estimated ~1K
-New NL NCSC head
-Anatsa malware found on the Play Store
-Malware reports on Kiteshield Packer and Rebirth botnet
-Synapse ransomware avoids Iranian systems
-APT reports on Sapphire Werewolf, Blind Eagle, Moonstone Sleet
-PoCs released for Apple, FortiSIEM bugs
-Major RCE in TP-Link gaming routers
-Internet Archive under DDoS attack

campuscodi, to random

OpenAI has established a Safety and Security Committee to advise its leadership on critical safety and security decisions for OpenAI projects.

The major infosec name on the committee is former NSA Director of Cybersecurity Rob Joyce, who will serve as a consultant.

https://openai.com/index/openai-board-forms-safety-and-security-committee/

campuscodi, to random

The US has sanctioned the operators of the 911 S5 proxy botnet (two residents of Singapore and one of Thailand):

-Yunhe Wang
-Jingping Liu
-Yanni Zhen

https://home.treasury.gov/news/press-releases/jy2375

https://ofac.treasury.gov/recent-actions/20240528_33

No DOJ indictment so far!

Report on 911[.]re, also known as CloudRouter: https://spur.us/cloudrouter-911-proxy-resurrected/

The service shut down last year after a hack: https://krebsonsecurity.com/2022/07/911-proxy-service-implodes-after-disclosing-breach/

campuscodi, to random

The Rwandan government has deployed the NSO Group's Pegasus spyware against past political opponents, its own ministers, and even the family of a former presidential candidate.

Reporters from Forbidden Stories discovered the attacks in a leaked list of phone numbers targeted with Pegasus spyware.

According to the same reporters, Rwandan officials had access to Pegasus between 2017 and 2021, after which its contract was not extended.

https://forbiddenstories.org/pegasus-in-rwanda-sister-of-presidential-candidate-high-ranking-rwandan-politicians-added-to-spyware-list/

campuscodi,

@ku I don't see how these are connected. Rwanda was a known NSO customer for years. We just learned the targets

campuscodi, to random

Sysdig documents Rebirth, a DDoS service catering for the gaming community... mostly CoD Warzone

https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/

campuscodi, to random

[North Korean APT group] "Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new custom ransomware."

https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/

campuscodi, (edited) to random

Ransomware attack hits Russian delivery service CDEK

https://www.vedomosti.ru/business/articles/2024/05/28/1039828-prichinoi-sboya-v-rabote-sdek-mog-stat-virus-shifrovalschik

A group named Head Mare took credit for the incident yesterday on Twitter: https://x.com/head_mare/status/1795072931489345946

campuscodi, to random

Security firm Shelltrail has published a three-part write-up on two vulnerabilities (CVE-2024-36036 & CVE-2024-36037) in ManageEngine ADAudit Plus, a product used for real-time monitoring of Active Directory, Windows file servers, and Windows configuration change auditing.

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part2/

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part3/

campuscodi, to random

Chinese security firm QiAnXin has published a report on Kiteshield, an open-source packer for Linux ELF binaries that is currently abused in the wild by multiple threat actors targeting Linux infrastructure.

https://blog.xlab.qianxin.com/kiteshield_packer_is_being_abused_by_linux_cyber_threat_actors/

https://github.com/GunshipPenguin/kiteshield

campuscodi, to random

The creator of the Python programming language, Guido van Rossum, has dropped ownership of the CPython core code interpreter.

https://github.com/python/cpython/pull/119611

Code ownership is now being passed to Microsoft's Mark Shannon and one of the project's three initial members.

https://www.linkedin.com/in/mark-shannon-bb459551/

campuscodi, to random

The FBI estimates that the Scattered Spider cybercrime group has almost 1,000 members.

Speaking at a security conference last week, the FBI described the group as "very, very large" and claimed that many of the group's members don't know each other.

https://cyberscoop.com/potent-youth-cybercrime-ring-made-up-of-1000-people-fbi-official-says/

campuscodi, to random

Thanks to that stupid EU cookie bs, the Wayback Machine is now capturing those popups instead of a site's content.

campuscodi, to random

The Internet Archive, the organization behind the Wayback Machine, fell under a DDoS attack on Monday.

campuscodi, to random

Security researchers have discovered a new Ransomware-as-a-Service advertised on underground hacking forums since February this year.

The new ransomware is named Synapse, and it contains code that spares Iranian systems from encryption.

According to security firm CyFirma, earlier this year, the Synapse group released a demo video to prove they built the fastest file-encrypting ransomware to date.

https://www.cyfirma.com/research/synapse-ransomware-technical-analysis/

campuscodi, to random

Security researcher Wang Tielen has published a PoC for CVE-2024-27842, a vulnerability patched this month by Apple that allows macOS apps to run arbitrary code with kernel privileges.

https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842

campuscodi, to random

Newsletter: https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/
Podcast: https://risky.biz/RBNEWS293/

-Google distrusts GlobalTrust certs
-Spyware vendor pcTattletale hacked
-South Africa suspends child maintenance payments after hack
-Russian initial access broker charged in the US
-Optus to be investigated for 2022 hack
-MediSecure data sold online
-FHA adds new cybersecurity reporting requirements
-CyberCom holds hunt forward mission in Zambia
-Coinbase phisher pleads guilty
-Eighth Chrome zero-day this year

campuscodi,

And:

-PyLocky ransomware case in France to finally continue
-Vulnerabilities in MikroTik, ILIAS LMS, Replicate, Jenkins, WhatsApp
-PoCs for Telesquare routers, Win10 EoP
-BLOODALCHEMY malware linked to ShadowPad
-Bugcrowd acquires Informer
-Shedding Zmiy APT linked to old Cobalt gang
-Hellhounds continues attacking Russia
-Report on the malware used in the MITRE hack
-A fifth of Rust crates use "unsafe" keyword
-Trump promises to pardon Ross Ulbricht for some reason
-ICQ to shut down on June 26

campuscodi, to random

ZenGo CTO Tal Be'ery has found an issue in WhatsApp that allows attackers to fingerprint a user's devices if the target has their account connected to multiple devices.

Meta declined to patch the reported issue.

https://medium.com/@TalBeerySec/hi-meta-whatsapp-with-integrity-4d85756dd7c5

campuscodi, to random

The Rust Foundation says that 20% of all Rust packages (crates) use the "unsafe" keyword to run unsafe code and expose their code to attacks.

Rust developers say that most of the unsafe keyword usage is related to the loading of non-Rust language code or libraries, such as C or C++.

The package with the most uses of the unsafe keyword is the Windows crate, which allows Rust developers to call into various Windows APIs.

https://foundation.rust-lang.org/news/unsafe-rust-in-the-wild-notes-on-the-current-state-of-unsafe-rust/

campuscodi, to random

Russian security firm Positive Technologies has published more details about an APT it tracks as Hellhounds, which the company first spotted last year.

PT says the group has been active since 2021, operates the Decoy Dog malware, and has made at least 48 confirmed victims inside Russia.

https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/

campuscodi, to random

Google has published a blog post with some of the security features expected to arrive with Android 15 later this fall.

The major features include the addition of private spaces (a separate space on their device where they can keep sensitive apps away from prying eyes, under an additional layer of authentication) and improved background activity protections (so background apps can't bring apps to the foreground and abuse user interaction).

https://android-developers.googleblog.com/2024/05/the-second-beta-of-android-15.html

campuscodi, to random

In a landmark case, a US judge ruled that a cheating software vendor violated the copyright of Bungie, the maker of the Destiny game.

Since US courts work on precedence, this will allow even more companies to go after wallhack and cheat software vendors plaguing their games.

Unfortunately, this will likely impact legitimate gaming modders as well.

https://www.pcgamer.com/gaming-industry/bungie-wins-a-little-walkin-around-money-in-first-of-its-kind-jury-trial-against-destiny-2-cheat-maker-but-the-victory-will-likely-make-it-even-easier-for-game-companies-to-keep-taking-cheaters-to-court/

campuscodi, to random

ITOCHU says the new BLOODALCHEMY malware is an evolved version of Deed RAT—itself a successor of ShadowPad.

The malware was spotted in the wild for the first time last year by Elastic's security team.

Elastic spotted the malware on the network of a Foreign Affairs Ministry from a member of the Association of Southeast Asian Nations (ASEAN)—so very likely, a Chinese APT op.

https://blog-en.itochuci.co.jp/entry/2024/05/23/090000
