Herjan Security
[.] Nostrop stream of GenAI news and updates

Roundcube Webmail has a cross-site scripting (XSS) vulnerability (CVE-2023-43770) that lets an attacker run script in a victim's webmail session and expose sensitive data. Roundcube Webmail 1.6.3 patches it; upgrade. #RoundcubeWebmail #XSSVulnerability #DataExposure

https://cybersecuritynews.com/roundcube-webmail-xss-vulnerability/

Researchers have discovered a new backdoor, dubbed "Deadglyph", attributed to the Stealth Falcon group. The malware is highly sophisticated and uses a homoglyph attack to disguise itself (hence the name). It receives its commands from the command-and-control server dynamically as modules, so most of its functionality is not present in the sample on disk, and it has anti-detection capabilities. It collects information about the victim's computer and removes itself if it fails to reach the server. Stealth Falcon, also known as Project Raven, targets activists and journalists in the Middle East.

#security #malware #backdoor #cyberespionage #homoglyph #StealthFalcon

https://www.infosecurity-magazine.com/news/researchers-spot-novel-deadglyph/

An extradited Nigerian national has pleaded guilty to a $6m BEC scheme #cybercrime #fraud #BECscammer #moneylaundering

He conspired to trick victims into wiring funds using spoofed emails #emailcompromise #spoofedemails

The stolen funds were laundered through bank accounts and cashier's checks #moneylaundering #stolenfunds

Actual losses were about $1m; the perpetrator still controls $45,925 #pleadeal #restitution

BEC remains a lucrative cybercrime, accounting for over $2.7bn in reported losses last year #cybercrimestats #BEC #scammers

https://www.infosecurity-magazine.com/news/bec-scammer-pleads-guilty-6m-scheme/

Summary:

1. Atlassian released fixes for four high-severity flaws that could cause DoS and remote code execution in its products.

2. The vulnerabilities were found using the Bug Bounty program, pen-testing processes, and third-party library scans.

3. The flaws affected Jira, Confluence, Bitbucket, and Bamboo.

4. The fixed versions for each flaw were specified.

5. Atlassian recommends upgrading to the latest fixed versions.

Hashtags:

#Atlassian #Vulnerabilities #DoS #RCE #Cybersecurity

https://cybersecuritynews.com/atlassian-vulnerabilities-dos/

Summary: Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, and researchers suspect Egyptian authorities as the likely culprits. The attempt prompted Apple to release urgent updates to patch the associated vulnerabilities. Altantawy's mobile connection through Vodafone Egypt was configured to silently redirect him to a Predator installer when he visited certain websites over plain HTTP (a network injection attack). Once infected, the spyware can turn a smartphone into a remote eavesdropping device. The discovery adds to the growing concern over surveillance and cyber threats faced by political opposition in Egypt.

Hashtags: #Egypt #Spyware #Cybersecurity #Opposition #Vulnerabilities

https://www.securityweek.com/researchers-discover-attempt-to-infect-leading-egyptian-opposition-politician-with-predator-spyware/

In retail, Product Information Management (PIM) solutions manage and distribute product data, so they hold data worth protecting. Key practices for PIM security: role-based access control, encryption in transit and at rest, regular auditing and monitoring, secure data storage, two-factor authentication, data masking, timely software updates, employee training, backups and disaster recovery, and vendor security assessment. Together these help retailers protect sensitive product information, detect and respond to suspicious activity, and preserve data integrity.

https://cybersecuritynews.com/top-pim-practices-for-enhancing-cybersecurity-in-retail/

1. LastPass is now enforcing longer master passwords to improve security.

2. Critics call the change a PR stunt that won't help users affected by the 2022 breach, in which encrypted vaults were stolen.

3. LastPass failed to automatically move older customers to the stronger key-derivation settings (higher PBKDF2 iteration counts) it applied to newer accounts.

4. Increasing the number of iterations makes each password guess cost proportionally more, which slows offline cracking of the stolen vaults.

5. LastPass users with weak master passwords and low iteration counts are the most exposed to offline attacks.

6. LastPass blames users for not choosing longer passphrases, but experts say the weak defaults are the company's fault.

7. LastPass is not recommending that users change all the passwords stored in the stolen vaults.

8. LastPass has a history of weak defaults and is no longer recommended by some experts.

9. LastPass's actions won't help those already affected by the breach, but may improve security going forward.

Hashtags: #LastPass #PasswordSecurity #DataBreach #Cybersecurity #Encryption #OnlineVaults #UserProtection #PRStunt #MasterPassword #SecurityImprovements

https://krebsonsecurity.com/2023/09/lastpass-horse-gone-barn-bolted-is-strong-password/
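The point in items 4 and 5 is that a stolen vault is only as safe as the cost of guessing its master password, and that cost is the product of password strength and PBKDF2 iteration count. The following is an added example (not LastPass code and not from the article) that derives a vault key the way a PBKDF2-SHA256 based manager does, runs an offline dictionary attack against the stolen (salt, key) pair, and shows how the iteration count scales the attacker's work. The iteration counts in ITERATION_PROFILES, the weak master password and the wordlist are assumed illustrative values.

```python
import hashlib
import os
import time

# Illustrative PBKDF2-SHA256 iteration counts. These are assumed values chosen
# for the example (an old low default, a later default, and a count in the range
# current guidance recommends), not figures taken from the article.
ITERATION_PROFILES = {"old default": 5_000, "later default": 100_100, "current guidance": 600_000}


def derive_vault_key(master_password, salt, iterations):
    """Derive the 32-byte key that protects a vault, PBKDF2-SHA256 style.
    Salt and iteration count are stored with the vault, so whoever steals the
    vault has both; only the master password is unknown to them."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def offline_crack(target_key, salt, iterations, candidates):
    """Offline dictionary attack against a stolen (salt, key) pair.
    Every guess costs one full PBKDF2 derivation; that cost is what the
    iteration count buys."""
    for guess in candidates:
        if derive_vault_key(guess, salt, iterations) == target_key:
            return guess
    return None


def cost_multiplier(low_iterations, high_iterations):
    """PBKDF2 work is linear in the iteration count, so raising it from low to
    high multiplies the attacker's cost per guess by exactly this factor."""
    return high_iterations / low_iterations


def seconds_per_guess(iterations, samples=3):
    """Single-threaded derivation time on this machine. A GPU cracking rig is far
    faster per guess, but the ratio between iteration counts is the same."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(samples):
        derive_vault_key("benchmark", salt, iterations)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    salt = os.urandom(16)
    weak_master = "Summer2022!"  # short and guessable: the case the article worries about
    wordlist = ["password", "letmein", "Summer2021!", "Summer2022!"]  # constructed mini wordlist
    for label, iters in ITERATION_PROFILES.items():
        stolen_key = derive_vault_key(weak_master, salt, iters)
        t0 = time.perf_counter()
        found = offline_crack(stolen_key, salt, iters, wordlist)
        elapsed = time.perf_counter() - t0
        print(f"{label:>16} ({iters:>7} iters): recovered {found!r} in {elapsed:.2f}s, "
              f"{cost_multiplier(ITERATION_PROFILES['old default'], iters):.0f}x the old-default cost")
    # The lever the user controls is the search space, which grows exponentially
    # with passphrase length; the iteration count only scales it linearly.
    per_guess = seconds_per_guess(ITERATION_PROFILES["current guidance"], samples=1)
    print(f"~{per_guess * 1e3:.0f} ms per guess at 600k iterations on this CPU; "
          f"a 4-word passphrase from a 7776-word list needs up to {7776 ** 4:.1e} guesses")
```

Run it and compare the three timings: a password that sits in a wordlist falls at any iteration count, just more slowly; only a long passphrase takes it out of reach, which is why raising iterations after the vaults were stolen changes nothing for vaults already in attackers' hands.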

New squid species discovered: vampire-like squid from 165 million years ago with bullet-shaped body, luminous organs, and unique features. #Squid #Discovery #AncientSpecies

https://www.schneier.com/blog/archives/2023/09/friday-squid-blogging-new-squid-species-2.html

Air Canada has experienced a cyberattack where employee information was accessed. Limited personal information of some employees and certain records were obtained. Flight operations and customer-facing systems were not affected. The affected parties have been notified and relevant authorities have been informed. The airline has enhanced security measures to prevent future incidents. #AirCanada #Cyberattack #DataBreach

https://www.securityweek.com/air-canada-says-employee-information-accessed-in-cyberattack/

China's offensive cyber operations in Africa support soft power efforts. Chinese state-sponsored threat groups have targeted telecoms, financial, and government organizations in Africa. The threat actors aim to gain intelligence and competitive advantage in negotiations. China's investments in African telecommunications create dependence and influence. Other China-linked threat actors have also targeted Africa. Chinese cyber operations in Africa align with China's strategic agendas.

https://www.securityweek.com/chinas-offensive-cyber-operations-in-africa-support-soft-power-efforts/

Summary:

1. Google updates its Chronicle Security Operations platform to unify SIEM and SOAR solutions.

2. Open Systems announces the general availability of its OT firewall service.

3. Signal Protocol is hardened against quantum threats.

4. IT-ISAC hosts the Election Security Research Forum.

5. Yubico starts trading on Nasdaq in Stockholm.

6. Pizza Hut Australia hacked, compromising personal information of customers.

7. Florida man sentenced to prison for BEC scheme.

8. New revelations from the Snowden files.

9. ShroudedSnooper targets telecom providers in the Middle East.

10. Israeli spyware exploits ad systems.

11. MOVEit hack impacts 1,200 organizations.

Hashtags: #Cybersecurity #GoogleChronicle #OTfirewallservice #SignalProtocol #ElectionSecurity #Yubico #PizzaHut #BECscheme #SnowdenFiles #ShroudedSnooper #IsraeliSpyware #MOVEithack


https://www.securityweek.com/in-other-news-new-analysis-of-snowden-files-yubico-goes-public-election-hacking/

The elusive Sandman APT targets telecom giants with a LuaJIT-based toolkit. Sandman runs targeted attacks on telecommunications providers in the Middle East, Western Europe, and South Asia, relying on stealthy lateral movement and minimal interaction with compromised hosts to avoid detection. Its modular backdoor, LuaDream, is built on the LuaJIT platform, shows considerable sophistication, and is actively evolving. Sandman's origin and motivation remain unknown, but its activity points to espionage. Collaboration and information sharing are crucial in countering threats like this.

https://www.infosecurity-magazine.com/news/sandman-apt-targets-telecom-giants/

1. Over 700 Dark Web ads offer DDoS attacks via IoT in 2023.

2. Prices for these services range from $20 per day to $10,000 a month.

3. The dark web also provides exploits for zero-day vulnerabilities in IoT devices.

4. Cybercriminals compete by developing features to counter rival malware.

5. Brute-forcing weak or default passwords and exploiting vulnerabilities in exposed network services are the primary methods of infecting IoT devices.

6. China, India, and the United States are the top sources of password brute-force attempts.

7. IoT devices are exposed through vulnerabilities in the network services they run.

8. Vendors should prioritize cybersecurity for both consumer and industrial IoT devices.

9. Kaspersky's report emphasizes the need for a responsible approach to IoT security.

#DarkWeb #DDoS #IoT #Cybersecurity #Malware #Vulnerabilities #BruteForce #Exploits #CyberDangers #ProductSecurity

https://www.infosecurity-magazine.com/news/700-dark-web-ads-offer-ddos/
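Item 5 says credential brute force is the main way these devices get recruited into DDoS botnets, and on a device it is also the easiest thing to spot. The following is an added example (not from the report or the article) of the detection logic a practitioner would run over a device's auth log: it counts failed logins per source IP in a sliding window and flags both the brute-force burst itself and a success that follows one, which is the point at which the device has likely joined a botnet. The log lines are constructed to resemble Dropbear SSH messages and are not real telemetry; the threshold and window are assumed tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth-log sample in a Dropbear-like syslog format (not real telemetry).
# 203.0.113.5 hammers root/admin and then gets in; 198.51.100.7 only probes twice;
# 192.0.2.10 logs in cleanly with no prior failures.
SAMPLE_LOG = """\
Sep 23 10:00:01 cam01 dropbear[412]: Bad password attempt for 'root' from 203.0.113.5:51234
Sep 23 10:00:04 cam01 dropbear[412]: Bad password attempt for 'root' from 203.0.113.5:51235
Sep 23 10:00:07 cam01 dropbear[412]: Bad password attempt for 'admin' from 203.0.113.5:51236
Sep 23 10:00:09 cam01 dropbear[412]: Bad password attempt for 'admin' from 198.51.100.7:40001
Sep 23 10:00:10 cam01 dropbear[412]: Bad password attempt for 'admin' from 203.0.113.5:51237
Sep 23 10:00:13 cam01 dropbear[412]: Bad password attempt for 'admin' from 203.0.113.5:51238
Sep 23 10:00:16 cam01 dropbear[412]: Bad password attempt for 'admin' from 203.0.113.5:51239
Sep 23 10:00:18 cam01 dropbear[412]: Bad password attempt for 'support' from 198.51.100.7:40002
Sep 23 10:00:20 cam01 dropbear[412]: Password auth succeeded for 'admin' from 203.0.113.5:51240
Sep 23 10:00:25 cam01 dropbear[412]: Password auth succeeded for 'pi' from 192.0.2.10:60001
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+: "
    r"(?P<result>Bad password attempt|Password auth succeeded) for '(?P<user>[^']*)' "
    r"from (?P<ip>[\d.]+):\d+$"
)


def parse_line(line, year=2023):
    """Parse one log line into a dict, or None if it is not an auth event.
    Syslog lines carry no year, so the caller supplies it."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Password auth succeeded", "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window failed-login counter per source IP.
    Emits a 'bruteforce' alert when an IP reaches `threshold` failures within
    `window_seconds`, and a 'success_after_bruteforce' alert when a login from
    that IP succeeds while the window still holds at least `threshold` failures."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:  # expire old failures
            q.popleft()
        if ev["ok"]:
            if len(q) >= threshold:
                alerts.append({"type": "success_after_bruteforce", "ip": ev["ip"],
                               "user": ev["user"], "failures": len(q), "at": ev["ts"]})
            q.clear()
            continue
        q.append(ev["ts"])
        if len(q) == threshold:  # fire once as the threshold is crossed, not on every later failure
            alerts.append({"type": "bruteforce", "ip": ev["ip"], "failures": len(q),
                           "first": q[0], "last": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

On a real device the same logic fits in a few lines of shell over `logread` or `journalctl`, and the 'success_after_bruteforce' alert is the one to page on: it means a default or weak credential has been found and the box should be treated as compromised, not just blocked.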

CISA and the NFL collaborate to secure Super Bowl LVIII. They conducted a cybersecurity tabletop exercise to enhance response capabilities. The exercise involved over 100 participants and focused on safeguarding against cyber attacks. The scenario included phishing, ransomware, data breach, and insider threats. This marks the tenth consecutive year of CISA's partnership with the NFL.

#SuperBowl #Cybersecurity #TabletopExercise

https://www.infosecurity-magazine.com/news/cisa-nfl-secure-super-bowl/

Phishing campaigns target hotel guests with a multi-stage attack that compromises the hotel's network. The attacker poses as the hotel and asks customers to re-confirm their credit card details. This phishing campaign has been active for at least four years and targets Asia. Hotel guests should exercise caution when receiving messages and verify their authenticity. #phishing #cybersecurity #cyberattack

https://cybersecuritynews.com/sophisticated-phishing-campaigns/

Summary: Three new Apple zero-day vulnerabilities have been discovered in multiple products, including iPhone, iPadOS, watchOS, Safari, and macOS. Apple has released security advisories and emergency updates to address these vulnerabilities. The affected products have been fixed in the latest versions, and users are advised to upgrade. #cybersecurity #zeroday #vulnerabilities

https://cybersecuritynews.com/3-new-apple-zero-day-vulnerabilities/

Clorox is still struggling to recover from a cyber-attack that occurred in August. Operations remain heavily disrupted, with orders being taken and processed manually. The attack damaged portions of Clorox's IT infrastructure and caused widespread disruption. The company expects to begin transitioning back to normal automated order processing in the week of September 25. The financial impact is still being assessed, but Clorox expects a material hit to its Q1 results. #Clorox #CyberAttack #BusinessImpact #DataBreach #Ransomware

https://www.infosecurity-magazine.com/news/clorox-struggling-recover-august/

A threat actor claims a major TransUnion customer data breach. The claimed data includes the personally identifiable information (PII) of 58,505 individuals: names, passport information, credit scores, and loan information. The same actor has also targeted companies in the aerospace industry and claims to have compromised NATO. The claim underlines the need for organizations to take proactive measures to prevent breaches. #TransUnion #DataBreach #PII #Cybersecurity #IdentityTheft

https://www.infosecurity-magazine.com/news/threat-actor-transunion-customer/

A massive phishing attack targets 40+ Colombian companies. The campaign starts with deceptive emails and attachments, uses obfuscated batch files and .NET modules to evade detection and load the final payload, and ends with the Remcos malware, which gives the attackers remote control of the host for unauthorized access, data theft, and surveillance. #cybersecurity #phishingattack

https://cybersecuritynews.com/massive-phishing-attack/

AWS cryptojacking campaign abuses less-used services to hide. The AMBERSQUID campaign runs miners on cloud services that don't require AWS approval to spin up, so it avoids the quota requests that would draw attention. Attackers target AWS Amplify, AWS Fargate, and Amazon SageMaker, creating IAM roles for each service to host and execute the miners, and also abuse AWS CodeCommit, AWS CloudWatch, AWS CodeBuild, AWS CloudFormation, Amazon ECS, and Amazon EC2 Auto Scaling. Victims can incur running costs of $2,244 per day. Hashtags: #AWS #cryptojacking #cloudsecurity #AMBERSQUID

https://www.csoonline.com/article/652763/aws-cryptojacking-campaign-abuses-less-used-services-to-hide.html
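Two things in that description are detectable from CloudTrail alone: a principal creating an IAM role and then, minutes later, handing that role to a compute service it has never used, and one principal fanning out across several of the rarely used services in a short span. The following is an added example (not Sysdig's or AWS's code, and not from the article) that scans CloudTrail-shaped events for both patterns. The service and API names are real AWS ones, but which services count as "rarely used" is an assumed baseline to tune per account; the events, account id, principals and role names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Creation/launch APIs on the services the campaign is reported to abuse. The
# service and API names are real AWS names; treating these as "unusual" is an
# assumed baseline for this example and should be tuned per account.
WATCHED_APIS = {
    "amplify.amazonaws.com": {"CreateApp", "CreateBranch", "StartJob"},
    "codebuild.amazonaws.com": {"CreateProject", "StartBuild"},
    "sagemaker.amazonaws.com": {"CreateNotebookInstance", "CreateTrainingJob"},
    "ecs.amazonaws.com": {"CreateCluster", "RunTask", "CreateService"},
    "cloudformation.amazonaws.com": {"CreateStack"},
}

# Constructed, CloudTrail-shaped records (not real telemetry). The account id,
# principal names and role names are made up.
ACCT = "arn:aws:iam::123456789012"
CI, ADMIN = f"{ACCT}:user/ci-deploy", f"{ACCT}:user/platform-admin"
SAMPLE_EVENTS = [
    {"eventTime": "2023-09-20T10:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateRole",
     "userIdentity": {"arn": CI}, "requestParameters": {"roleName": "amplify-exec-role"}},
    {"eventTime": "2023-09-20T10:02:00Z", "eventSource": "amplify.amazonaws.com", "eventName": "CreateApp",
     "userIdentity": {"arn": CI},
     "requestParameters": {"name": "site", "iamServiceRole": f"{ACCT}:role/amplify-exec-role"}},
    {"eventTime": "2023-09-20T10:05:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateRole",
     "userIdentity": {"arn": CI}, "requestParameters": {"roleName": "sagemaker-exec-role"}},
    {"eventTime": "2023-09-20T10:06:00Z", "eventSource": "sagemaker.amazonaws.com",
     "eventName": "CreateNotebookInstance", "userIdentity": {"arn": CI},
     "requestParameters": {"notebookInstanceName": "nb1", "instanceType": "ml.t3.large",
                           "roleArn": f"{ACCT}:role/sagemaker-exec-role"}},
    {"eventTime": "2023-09-20T10:10:00Z", "eventSource": "codebuild.amazonaws.com", "eventName": "CreateProject",
     "userIdentity": {"arn": CI},
     "requestParameters": {"name": "build1", "serviceRole": f"{ACCT}:role/existing-codebuild-role"}},
    {"eventTime": "2023-09-20T10:12:00Z", "eventSource": "ecs.amazonaws.com", "eventName": "RunTask",
     "userIdentity": {"arn": CI},
     "requestParameters": {"cluster": "default", "launchType": "FARGATE", "taskDefinition": "worker:1"}},
    # Benign admin activity on a service that is not on the watch list.
    {"eventTime": "2023-09-20T09:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateRole",
     "userIdentity": {"arn": ADMIN}, "requestParameters": {"roleName": "lambda-exec-role"}},
    {"eventTime": "2023-09-20T09:01:00Z", "eventSource": "lambda.amazonaws.com", "eventName": "CreateFunction20150331",
     "userIdentity": {"arn": ADMIN},
     "requestParameters": {"functionName": "nightly", "role": f"{ACCT}:role/lambda-exec-role"}},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def _role_names(value, found=None):
    """Collect role names from any ':role/' ARN nested anywhere in requestParameters;
    each service names its role parameter differently (roleArn, serviceRole, ...)."""
    found = set() if found is None else found
    if isinstance(value, dict):
        for v in value.values():
            _role_names(v, found)
    elif isinstance(value, list):
        for v in value:
            _role_names(v, found)
    elif isinstance(value, str) and ":role/" in value:
        found.add(value.rsplit("/", 1)[-1])
    return found


def find_ambersquid_like_activity(events, window_minutes=30, fan_out_min=3):
    """Per principal: (1) a watched API that consumes a role the same principal
    created within `window_minutes` ('role pivot'); (2) use of at least
    `fan_out_min` distinct watched services ('fan-out')."""
    window = timedelta(minutes=window_minutes)
    by_actor = defaultdict(list)
    for e in events:
        by_actor[e["userIdentity"]["arn"]].append(e)
    role_pivots, fan_out = [], {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: _ts(e["eventTime"]))
        created_roles = {}  # role name -> creation time, by this actor
        services_used = set()
        for e in evs:
            src, name, t = e["eventSource"], e["eventName"], _ts(e["eventTime"])
            params = e.get("requestParameters") or {}
            if src == "iam.amazonaws.com" and name == "CreateRole":
                created_roles[params["roleName"]] = t
            elif name in WATCHED_APIS.get(src, ()):
                services_used.add(src)
                for role in sorted(_role_names(params) & set(created_roles)):
                    if t - created_roles[role] <= window:
                        role_pivots.append({"actor": actor, "service": src, "api": name,
                                            "role": role, "time": e["eventTime"]})
        if len(services_used) >= fan_out_min:
            fan_out[actor] = sorted(services_used)
    return {"role_pivots": role_pivots, "fan_out": fan_out}


if __name__ == "__main__":
    result = find_ambersquid_like_activity(SAMPLE_EVENTS)
    for p in result["role_pivots"]:
        print("role pivot:", p)
    for actor, services in result["fan_out"].items():
        print("fan-out:", actor, services)
```

Feed it the output of a CloudTrail Lake or Athena query restricted to the watched eventSources plus iam.amazonaws.com; the role-pivot rule is the higher-signal one, and the fan-out rule catches the same campaign when the roles were created earlier by a different principal. A service control policy denying the watched services in accounts that have no business using them removes the problem rather than detecting it.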