Aug 19, 2023THNNetwork Security / Vulnerability Networking hardware company Juniper Networks has released an “out-of-cycle” security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in severity.
Month: August 2023
Security researchers have spotted a new Chinese espionage campaign targeting Asian gambling companies, which they suspect is the work of the Bronze Starlight group. SentinelLabs revealed that the threat actors abuse Adobe Creative Cloud, Microsoft Edge and McAfee VirusScan executables vulnerable to DLL hijacking in order to deploy Cobalt Strike beacons on targeted machines. They
by Paul Ducklin CELEBRATING THE TRUE CRYPTO BROS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our
Aug 18, 2023THNBrowser Security / Malware Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when
A popular anonymous file sharing service used by security researchers and threat actors has decided to close down, citing “extreme volumes” of users abusing it. AnonFiles was a going concern for two years, enabling anyone to share files without fear of being tracked online. It became a popular way for malicious hackers to share stolen
by Paul Ducklin The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go
Aug 17, 2023THNVulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access
New research from King’s College London (KCL) has revealed a major gender gap in the provision and effectiveness of online safety advice and technology. Presented at the Usenix Security Symposium 2023, the research is based on a poll of 600 UK adults, half of whom were women, about their preferred ways of receiving online privacy
by Paul Ducklin It’s taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted.net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the
Aug 16, 2023THNVulnerability / Enterprise Security Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. “An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access,” NCC Group said
The FBI has warned consumers not to download apps labelled as in beta test mode as they might be involved in scams designed to steal cryptocurrency and other assets. The apps are typically used in crypto investment scams, with victims directed to download them via other scams, the Feds said in a Public Service Announcement
by Paul Ducklin It’s been a while since we’ve written about card skimmers, which used to play a big part in global cybercrime. These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three. In ransomware attacks, the criminals don’t actually
Aug 15, 2023THNCyber Crime / Threat Intel A “staggering” 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023. “Hackers around the world infect computers opportunistically by promoting results
Police have taken down a Lolek bulletproof hosting service used by criminals to launch cyber-attacks across the world. The takedown was part of a coordinated effort between the Polish Central Cybercrime Bureau and the US Department of Justice (DoJ), alongside support from Europol and the Federal Bureau of Investigation (FBI). In a statement, Europol said:
The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people’s information. “The Bill provides for the processing of digital personal data in a manner that recognizes both the
A new variant of the SystemBC malware, paired with Cobalt Strike beacons, has been identified in a recent cyber-attack targeting a critical infrastructure power generator in a southern African nation. Echoing the high-profile Darkside Colonial Pipeline breach of 2021, the incident occurred during the third and fourth weeks of March 2023, according to a new
Aug 12, 2023THNServer Security / Cyber Threat Multiple security vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry severity scores
Multiple vulnerabilities have been identified in the widely used Avada theme and its accompanying Avada Builder plugin. These security flaws, uncovered by Patchstack’s security researcher Rafie Muhammad, expose a significant number of WordPress websites to potential breaches. Within these vulnerabilities, the Avada Builder plugin exhibits two weaknesses. The first is an Authenticated SQL Injection (CVE-2023-39309).
Aug 12, 2023THNProgramming / Vulnerability A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution. “urlparse has a parsing problem when the entire URL starts with blank characters,”
“When I worked on a report from the US Cyber Safety Review Board about the Log4j vulnerability, I was stunned to find out that the developer community isn’t necessarily trained on security by design.” These words come from the Acting National Cyber Director of the US Office of the National Cyber Director (ONCD), Kemba Walden
by Paul Ducklin SNOOPING ON MEMORY, KEYSTROKES AND CRYPTOCOINS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of
Aug 11, 2023THNOperational Technology / Vulnerability A set of 15 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47379 through CVE-2022-47393 and dubbed CoDe16, carry a
Multiple zero-day vulnerabilities have been discovered in some of the most used cryptographic multi-party computation (MPC) protocols, putting consumers’ cryptocurrency funds at risk of theft. In findings presented during Black Hat USA on Wednesday, August 9, the Fireblocks Cryptography Research Team said that the vulnerabilities, if left unpatched, would enable attackers to drain funds from
by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s offical bug listing page is topped by two special items dubbed Exploitation Detected.
Aug 10, 2023THNCyber Crime / Hacking Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale, ultimately facilitating the theft
Law firm Morgan & Morgan has lodged a class-action lawsuit against Tampa General Hospital on behalf of three victims affected by a significant data breach. Between May 12 and May 30, 2023, cyber-criminals infiltrated Tampa General Hospital’s computer system, pilfering data belonging to approximately 1.2 million patients. The exposed information encompasses sensitive details like names, addresses,
by Paul Ducklin Audio recordings are dangerously easy to make these days, whether by accident or by design. You could end up with your own permanent copy of something you thought you were discussing privately, preserved indefinitely in an uninterestingly-named file on your phone or laptop, thanks to hitting “Record” by mistake. Someone else could
Aug 09, 2023THNSoftware Security / Vulnerability Microsoft has patched a total of 74 flaws in its software as part of the company’s Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are
A widespread cyber-attack on hospital computer systems has caused significant disruptions across the United States, leading to the closure of emergency rooms in multiple states and the diversion of ambulances. The incident began last Thursday, 3 August, and targeted facilities operated by Prospect Medical Holdings, a California-based company with hospitals and clinics in Texas, Connecticut, Rhode
Aug 07, 2023THNCyber Crime / Malware A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information. Bot mitigation company Kasada said the activity is designed to “exploit trusted criminal networks,” describing