#CyberAttack #MGMSystems #ITSystemsShutdown #MGMResorts #Cybersecurity #SystemOutage #LasVegas #SocialMedia #Investigation #LawEnforcement #Disruptions #ATM #SlotMachines #CashOnlyPayments #Guests #Reservations #Massachusetts #NewYork #DataExfiltration #ComputerSystems #Access #PersonalInformation #140MillionGuests
Google has released a Chrome security update to patch a zero-day flaw that is being actively exploited. The update, which includes a critical vulnerability fix, has been pushed to the Stable and Extended Stable channels for Mac, Linux, and Windows. The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow in WebP, and an exploit for it is already in the wild. Google is withholding further details about the attacks for now. To update Google Chrome, open Chrome, click More, go to Help > About Google Chrome, and click Update Google Chrome. Stay informed about cybersecurity news by following us on Google News, LinkedIn, Twitter, and Facebook.
#Chrome #cybersecurity #cybersecuritynews
Loda malware attacks Windows to control RDP and spread malware. The malware can deliver harmful payloads, steal sensitive information, and log user inputs. The most common method of infection is through phishing email campaigns. Other threat actors also use Loda malware, such as the Kasablanka group and TA558. Loda RAT utilizes RDP, steals data and files, captures keystrokes and mouse clicks, and takes screenshots. It also has an Android version that can track victims and record audio conversations. To prevent Loda malware, avoid opening spam emails and be cautious with suspicious URLs and files. #malware #windows #CyberSecurityNews
Lazarus Group targets macOS in supply chain attack. Cybersecurity firm ESET detects significant attack. X_TRADER and 3CX phone system apps compromised. Rise in macOS detections. Trojan detections increase by 16.8%. Trojanized 3CX macOS application distributed. Second-stage malware targets cryptocurrency companies. Attack linked to prior supply chain attack in 2022. Enhanced cybersecurity measures needed. Vigilance and security are essential defenses. Hashtags: #LazarusGroup #macOS #SupplyChainAttack #Cybersecurity #TrojanDetections #Malware
https://www.infosecurity-magazine.com/news/lazarus-group-targets-macos-supply/
The Cuba ransomware group targets organizations worldwide across various industries. The group, which includes Russian-speaking members, uses a sophisticated backdoor called BUGHATCH and has deployed updated versions of the BURNTCIGAR malware that evade antivirus detection. Cuba's tooling operates without additional libraries, making it difficult to detect. The group manipulates compilation timestamps and constantly refines its techniques. Staying informed and proactive is crucial to mitigate potential attacks. #Cuba #ransomware #cybersecurity #malware #intelligence
https://www.infosecurity-magazine.com/news/cuba-ransomware-undetectable/
Summary:
1. Akira ransomware is targeting Cisco VPNs without multi-factor authentication (MFA).
2. The vulnerability, known as CVE-2023-20269, allows unauthorized access to VPN connections.
3. Organizations without MFA on their VPNs are at risk of infiltration.
4. Implementing MFA is crucial to mitigate the risk of unauthorized access and ransomware infections.
5. Cisco has collaborated with Rapid7 to investigate similar attack tactics.
6. The Akira ransomware uses various extortion strategies and a TOR-based website.
7. Attackers exploit exposed services and vulnerabilities in MFA and VPN software.
8. Two primary access methods used are brute-forcing and purchasing credentials from the dark web.
9. Detailed logs in affected Cisco ASA devices are necessary for incident analysis.
10. Cisco provides guidance on setting up logging and forensics in ASA devices.
Researchers have discovered critical vulnerabilities in Proton Mail that could compromise user security. The vulnerabilities centered around the web client, exposing potential weak points in the security chain. Attackers could steal decrypted emails and impersonate users by tricking them into interacting with maliciously crafted messages. Proton Mail promptly addressed the issues and removed SVG support to mitigate the vulnerabilities. The importance of proactive security measures in maintaining the integrity and privacy of sensitive communications is highlighted. #cybersecurity #ProtonMail #vulnerability
Weaponized Telegram App Infected Over 60K Android Users
Cybersecurity researchers found malicious Telegram mods on Google Play claiming to be the fastest apps, with a global network of data centers. These mods pose a risk because threat actors modify the app and distribute their own versions. The mods appear identical to the original Telegram but contain suspicious code that accesses user contacts and sends the data to a command server. Users should be cautious of third-party messenger mods, even on Google Play.
Hashtags: #Telegram #Android #Cybersecurity #Malware #DataBreach #ThreatActor
An HPE OneView vulnerability allows an attacker to bypass authentication, disclose sensitive information, and cause a denial of service. Affected versions are those prior to v8.5 and those prior to the v6.60.05 patch. Upgrade to v8.5 or later, or to v6.60.05 LTS, and apply the fixes to protect affected systems. #cybersecurity #HewlettPackardOneView
#Vulnerabilities #Hacking #UPSDevices #Cybersecurity #Socomec #SecurityFlaws #DataBreaches #Ransomware #IoTSecurity #EndpointSecurity #NetworkSecurity #SupplyChainSecurity #ICS #InformationSecurity #CyberInsurance
https://www.securityweek.com/vulnerabilities-allow-hackers-to-hijack-disrupt-socomec-ups-devices/
Powerful ethnic militia in Myanmar repatriates 1,200 Chinese suspected of involvement in cybercrime. #Myanmar #China #Cybercrime #Repatriation
Researchers from several universities have unveiled a new attack called "WiKI-Eve" that steals Wi-Fi passwords by eavesdropping on keystrokes. The attack uses Wi-Fi channel state information (CSI) to infer keystrokes and recover numerical passwords. The researchers used beamforming feedback information (BFI) variations together with deep learning and adversarial training to make WiKI-Eve practical with limited training data. Encrypting data traffic can defend against WiKI-Eve, but it can complicate systems; keyboard randomization is another defense, but it can inconvenience users. WiKI-Eve is a versatile Wi-Fi keystroke-inference (KI) attack that requires no hacking or specialized hardware. #WiKiEve #WiFiPasswords #Eavesdropping #Cybersecurity
Orca Security introduces new tool to detect Log4j-like exploits. The tool allows users to ask natural language queries to search for vulnerabilities. Existing tools require coding or specific skills to perform cloud asset searches. Orca's AI-driven search streamlines cloud asset discovery. The tool is currently available to Orca customers and will soon be available to all users. #OrcaSecurity #Log4j #CloudSecurity #AI
https://www.csoonline.com/article/651766/orcas-new-llm-tool-to-help-detect-log4j-like-exploits.html
the bidding or the Auto-Bid reaches its ceiling. In the same way, AI tools will analyze your preferences, search history, and online behavior to recommend products, shape your opinions, and influence your decisions. This personalized manipulation goes beyond what traditional media like radio and TV can do, as it is more targeted and specific to each individual. #AItools #personalization #influencemarketing
https://www.schneier.com/blog/archives/2023/09/ai-tool-use.html
Summary:
A NOAA video of a glass squid, Taonius borealis, was shared. Discussion of security stories that were not covered in the blog post is encouraged.
Hashtags: #glasssquid #NOAA #security
https://www.schneier.com/blog/archives/2023/09/friday-squid-blogging-glass-squid-video.html
Summary:
- LastPass vault hacking, Russia targeting Ukraine energy facility, and NXP data breach are notable cybersecurity stories this week.
- SentinelOne ends collaboration with Wiz following acquisition rumors.
- Threat actors may be breaking into compromised LastPass vaults.
- Dutch semiconductor company NXP discloses a data breach affecting user email addresses.
- Golf equipment maker Callaway discloses a data breach impacting over one million people.
- China is weaponizing software vulnerabilities, leveraging mandatory flaw reporting.
- Vulnerability found in Mend.io platform allows access to other users' data.
- Flipper Zero hacking device can be used to spam Apple devices via Bluetooth.
- MinIO object storage suite vulnerabilities exploited in a new cloud attack vector.
- Russian APT group targets an energy facility in Ukraine.
- Interesting behaviors observed in the dynamically seeded domain generation algorithm used by the Pushdo and Necurs botnets.
- W3LL phishing kit used to target corporate Microsoft 365 accounts.
- TXOne Networks announces the second generation of its Edge engine for industrial cybersecurity.
Hashtags:
- #Cybersecurity
- #LastPass
- #Russia
- #Ukraine
- #NXP
- #DataBreach
- #China
- #Vulnerability
- #Phishing
- #IoTSecurity
- #EdgeSecurity
Phishing attacks are being launched using Google Looker Studio, bypassing protections. The attackers create fake crypto pages delivered through emails from the legitimate tool. Victims are lured to click on a link and redirected to a Google Looker page with a slideshow, where they are prompted to log in and their credentials are stolen. The attack passes email authentication checks and verifications due to the deep nesting in Google's system. The campaign has been ongoing for weeks. #Phishing #GoogleLookerStudio #Cybersecurity
https://www.securityweek.com/new-phishing-campaign-launched-via-google-looker-studio/
Summary: Cisco has discovered a zero-day vulnerability in its ASA and FTD software that has been exploited in Akira ransomware attacks since August. The vulnerability allows unauthenticated remote attackers to gain access to the software, specifically through brute-force attacks. Cisco recommends that customers upgrade to a fixed software release to address the vulnerability.
Hashtags: #Cisco #vulnerability #zero-day #AkiraRansomware #bruteforceattacks
https://www.securityweek.com/cisco-asa-zero-day-exploited-in-akira-ransomware-attacks/
Google TAG has uncovered a North Korean cyber campaign targeting security researchers. The threat actors exploit zero-day vulnerabilities and build rapport with researchers via social media before distributing malicious files. The campaign also includes a standalone Windows tool that can compromise victims' systems. Hashtags: #NorthKoreanCyberCampaign #ZeroDayVulnerabilities #SecurityResearchers #MaliciousFiles #WindowsTool
https://www.infosecurity-magazine.com/news/north-korean-campaign-targets/
1. Cyber-criminals exploit GPUs in graphic design software, using cryptocurrency-mining malware to hijack the GPUs.
2. The attackers bundle the malware with legitimate software like Adobe Illustrator and Autodesk 3ds Max, using the "Advanced Installer" tool.
3. The high GPU power required by graphic design and 3-D modeling software makes the machines running it a target for cryptocurrency mining.
4. The malicious scripts are deployed during the software installation process, creating backdoors and installing cryptocurrency-mining malware.
5. The campaign mainly affects French-speaking users, but there have been isolated infections in other countries.
6. Graphic designers and 3-D modelers are advised to be cautious when installing software.
7. Long-running campaigns like this can have a lasting impact on organizations and are difficult to detect.
8. Operations and security teams should work together to detect and respond to these types of attacks.
#CyberCrime #GPUMalware #CryptocurrencyMining #GraphicDesignSoftware #AdvancedInstaller #CyberSecurity
https://www.infosecurity-magazine.com/news/gpus-graphic-design-software/