The FBI says that Chinese hackers are still exploiting a Barracuda zero-day (CVE-2023-2868) to compromise email servers across the world.
The agency published a security alert this week with new IOCs related to these attacks: https://www.ic3.gov/Media/News/2023/230823.pdf

nostr:npub1rllgp34aexvnecuhfdr7t7jz0dudle7eyz9wgaakwgtmn4dm37fsvahhpx you're right... I'll fix
Australia's TLD domain registrar, auDA, confirms data breach: https://www.auda.org.au/statement/resolution-cyber-incident
(after initially denying it): https://www.auda.org.au/statement/auda-statement
Newsletter: https://riskybiznews.substack.com/p/us-warns-space-sector-of-hacks-espionage
Podcast: https://risky.biz/RBNEWS188/
-US warns space sector of hacks, spying, and sabotage
-Juniper releases out-of-band security update
-TSSHOCK attack can steal funds from MPC crypto-wallets
-Tesla identifies Handelsblatt whistleblowers
-Exactly Protocol hacked for $7.3m
-Kimsuky hacks officials ahead of US-ROK military exercise
-WinRAR vulnerability fixed
-New SAMLjacking technique
-Google publishes DFIQ
-Facebook publishes TTPForge
-New LOFLCAB project

After PSNI, it's now the turn of UK police to leak data via FOI websites
Google's Mandiant division has released a tool that can scan Citrix NetScaler ADC appliances for signs of exploitation via the CVE-2023-3519 vulnerability.
Blog: https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
GitHub: https://github.com/mandiant/citrix-ioc-scanner-cve-2023-3519

Cybersecurity firm Secureworks plans to lay off 15% of its workforce, the company announced in an SEC filing.
https://www.sec.gov/ix?doc=/Archives/edgar/data/0001468666/000146866623000028/scwx-20230804.htm
nostr:npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux explains why that toot got so popular... lol
nostr:npub1xtguejmenk9qwd4n2yvpuax2tq4f6rr2jejazgfd2zaffvyu9j4slvxfsf It's a third-party service, isn't it?
"Discord.io has suffered a data breach."
http://web.archive.org/web/20230814204626/https://discord.io/

id Software has open-sourced the code for its emblematic Quake 2 FPS game.
The company says it released the code "for users who wish to mod the game."
Indonesian haxor Beruangsalju has put together a collection of the most widely known web shell scripts.
Friendly warning to beware of backdoored scripts.
https://github.com/beruangsalju/shell-backdoor

"Did you put the Christmas hats on the logos?
No, researchers did that. And honestly I had lost a battle. I tried to use that as our official logo next time, and I was told we couldn’t"
https://techcrunch.com/2023/08/12/fbi-ddos-for-hire-cyberattackers/
Lolek bulletproof host admin charged for hosting NetWalker infrastructure
Newsletter: https://riskybiznews.substack.com/p/russia-blocks-openvpn-wireguard-vpn-protocols
Podcast: https://risky.biz/RBNEWS184/
-Russia blocks OpenVPN and WireGuard VPN protocols
-Northern Ireland police deals with data breach
-New TunnelCrack attack leaks VPN traffic
-MilkSad vulnerability exploited to steal from crypto-wallets
-Hundred Finance shuts down after hack
-Dallas ransomware attack to cost city $8.6mil
-Canada exposes WeChat disinfo campaign
-Indian military to replace Windows with Linux
-New Belarusian APT MitMs ISP traffic

Also:
-India passes data privacy bill
-AdLoad macOS adware turns into proxyware
-New BitForge crypto-wallet vulnerabilities
-Rapid7 and NCC layoffs
-Bunch of infosec tools released at BH/DC
-Pwnie Awards 2023 winners
-CheckPoint buys Perimeter81 for $490mil
-Malware reports on DroxiDat, Rhysida, Whirlpool, GootLoader, Freeze[.]rs, Statc Stealer, Xurum, Capra
-DHS CSRB releases Lapsus$ report
-Russian hacker sentenced for... donating to Navalny
-Lolek bulletproof hoster seized

The German Federal Office for the Protection of the Constitution (BfV) says it detected "concrete spying attempts" by Iranian APT group Charming Kitten targeting dissident organizations and Iranian nationals living in Germany.
Targets included lawyers, journalists, and human rights activists. The campaign has allegedly been taking place since the end of 2022.
The Cyber Safety Review Board (CSRB) has published a report on the Lapsus$ gang
AT&T says AdLoad now has a proxy component for funneling spam campaigns through infected systems
Estimated infections are in the thousands, just from AT&T visibility
https://cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload

