Binarly has an analysis of the private key leaks that took place at Lenovo in September 2022 and MSI in April 2023.
The report's main finding was that multiple companies were apparently using the same Intel Boot Guard private keys to sign different types of firmware images.
Google has launched a new .ing TLD
All customers must use HTTPS for this one
https://blog.google/products/registry/introducing-the-ing-top-level-domain/

Enterprise software giant VMware has published two security advisories to fix two sets of issues in its vCenter Server and Tools applications.
The worst of the two is the vCenter update, which fixes a 9.8/10-rated memory issue that can lead to remote code execution attacks (CVE-2023-34048).
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Ransomware is being deployed within one day of initial access in more than 50% of engagements.
In just 12 months the median dwell time identified in the annual Secureworks State of the Threat Report has freefallen from 4.5 days to less than one day.
In 10% of cases, ransomware was even deployed within five hours of initial access.
https://www.secureworks.com/about/press/ransomware-dwell-time-hits-low-of-24-hours
nostr:npub1t22ezsps7a7hredz249naq3s9d3csytmrzyf0yhqw94pklxk8ggq6x3ddy coming to Romania in 2024
From cURL founder on the nazi-X-chan:
"We are cutting the release cycle short and will release curl 8.4.0 on October 11, including a fix for a severity HIGH CVE."
Datadog's security team has open-sourced a tool named KubeHound that can be used to analyze Kubernetes clusters and create graphs of possible attack paths.
Blog: https://securitylabs.datadoghq.com/articles/kubehound-identify-kubernetes-attack-paths/
Tool: https://kubehound.io/

Not gonna lie.... Substack is starting to piss me off.
Why is there no more "View on web" link in its newsletters?
nostr:npub1zj46mlm94ekxxlc26xk3yyse9c89jd6hrf9q6ce34w045es6a86sqzfyjh I would be curious to hear more about how Retool's incident is related to the recent attacks on 0kta customers.
nostr:npub1lw70vfcx6typxmsdjzc4tl29wsrmr52urkg7fzx2hedak3gqcmsq4tctzc Timeline of the attack seems to indicate it is
ThemeBleed - RCE in Windows Themes
SentinelOne has discovered a new infostealer targeting macOS systems named MetaStealer: https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
It is unclear if this is related to a similar infostealer targeting Windows systems, discovered last year by NCC Group: https://research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-void/
Broadcom's Symantec division has discovered a new Rust-based ransomware strain named 3AM.
Symantec saw the ransomware used in one attack so far, where a known ransomware affiliate deployed it on a victim's network after Lockbit was detected and blocked.
The 3AM ransomware comes with a Tor-based support and payment portal but does not appear to operate a dark web leak site (yet).
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
Newsletter: https://riskybiznews.substack.com/p/microsoft-to-phase-out-3rd-party-printer-drivers
Podcast: https://risky.biz/RBNEWS197/
-Microsoft to phase out 3rd-party printer drivers
-Akira and Lockbit exploit Cisco ASA/FTD zero-day
-FBI links Stake crypto-heist to North Korea
-Ukrainian hacktivists unmask Russia's Cuban mercenary recruiting scheme
-Ransomware hits Sri Lanka govt
-Twitter bans scraping
-15 Israeli opposition party members have a WhatsApp issue mysteriously at the same time
-China's Myanmar fraud crackdown hits 1.2k
-Chinese info-op on Gab

A Vietnamese threat actor going by the name of MrTonyScam has been conducting expansive Facebook Messenger spam campaigns delivering malware using malicious attachments.

BugProve researchers have identified 33 vulnerabilities in Zavio IP security cameras.
Seven of the reported vulnerabilities are pre-authentication remote code execution flaws that can be used to hijack affected security camera models.
The company has published details and proof-of-concept scripts for all issues after the vendor failed to respond for almost nine months.
An academic study of 4,600 malicious Python libraries found that 72% of packages persisted across PyPI mirror sites even after the libraries were removed from the main PyPI website.
"I brought down a scamming operation with 15 bytes of PHP"
AT&T Customers Doxed Themselves En Masse In Reply-All Nightmare
NIST has published a draft framework for the security of non-fungible tokens (NFTs).
Security firm WithSecure has discovered a new threat actor named DUCKPORT focused on infecting users with malware in order to hijack accounts that have access to Facebook's advertising and business platforms.
WithSecure says the group is based in Vietnam and appears to have spun out of a group named DUCKTAIL.