  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
    by info@thehackernews.com (The Hacker News) on September 22, 2023 at 2:48 pm

    An active malware campaign targeting Latin America, particularly users in Brazil and Mexico, is dispensing a new variant of a banking trojan called BBTok. “The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number,”

  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
    by info@thehackernews.com (The Hacker News) on September 22, 2023 at 10:50 am

    Thorough, independent tests are a vital resource for analyzing providers’ capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing is critical for evaluating vendors because it’s virtually impossible to evaluate cybersecurity vendors based on their own

  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
    by info@thehackernews.com (The Hacker News) on September 22, 2023 at 9:25 am

    Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential

  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
    by info@thehackernews.com (The Hacker News) on September 22, 2023 at 8:00 am

    Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes – CVE-2022-25647 (CVSS score: 7.5) – A deserialization

  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
    by info@thehackernews.com (The Hacker News) on September 22, 2023 at 2:11 am

    Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows – CVE-2023-41991 – A certificate validation issue in the Security framework that could allow a

  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
    by info@thehackernews.com (The Hacker News) on September 21, 2023 at 7:55 pm

    A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as a vehicle to deploy a novel implant called LuaDream. “The activities we

  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
    by info@thehackernews.com (The Hacker News) on September 21, 2023 at 12:51 pm

    The peer-to-peer (P2P) worm known as P2PInfect has seen a surge in activity since late August 2023, including a 600x jump between September 12 and 19, 2023. “This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware’s developers are operating at an extremely high development cadence,” Cado Security researcher Matt Muir

  • The Rise of the Malicious App
    by info@thehackernews.com (The Hacker News) on September 21, 2023 at 10:38 am

    Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a “hub” app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the permission scopes that are granted to the third party apps, and the potential

  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
    by info@thehackernews.com (The Hacker News) on September 21, 2023 at 9:39 am

    China’s Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei’s servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries. In a message posted on WeChat, the government authority said U.S. intelligence agencies have “done everything possible” to conduct surveillance, secret theft, and intrusions on

  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers
    by info@thehackernews.com (The Hacker News) on September 21, 2023 at 9:11 am

    A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). “This financially motivated

  • Ukrainian Hacker Suspected to be Behind “Free Download Manager” Malware Attack
    by info@thehackernews.com (The Hacker News) on September 21, 2023 at 8:48 am

    The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. “It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software,” it said in an alert last week. “Only a small subset of users, specifically

  • Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT
    by info@thehackernews.com (The Hacker News) on September 21, 2023 at 5:03 am

    A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. “The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked

  • Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
    by Tanmay Ganacharya on September 20, 2023 at 1:00 pm

    For the fifth consecutive year, Microsoft 365 Defender demonstrated leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcases Microsoft 365 Defender as a leading solution, enabled by next-gen protection, industry-first capabilities like automatic attack disruption, and more. The post Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise appeared first on Microsoft Security Blog.

  • Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 12:51 pm

    Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. “The site operated as a hidden service in the encrypted TOR network,” the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. “The site has been used in anonymous criminal activities such as narcotics trade.” The agency

  • Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 12:38 pm

    Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, they have been patched as of September 11, 2023, with

  • Do You Really Trust Your Web Application Supply Chain?
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 10:34 am

    Well, you shouldn’t. It may already be hiding vulnerabilities. It’s the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep their customers happy, but this chain of dependencies is also what makes them so vulnerable. Many of

  • Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 10:13 am

    Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, @am-fe/watermark-core,

  • Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 9:56 am

    Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. “Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity,” enterprise security firm Proofpoint said in a report shared with The

  • Signal Messenger Introduces PQXDH Quantum-Resistant Encryption
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 9:29 am

    Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). “With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current

  • GitLab Releases Urgent Security Patches for Critical Vulnerability
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 7:18 am

    GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. “It was possible for an attacker to run pipelines as an arbitrary user via scheduled

  • Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability
    by info@thehackernews.com (The Hacker News) on September 20, 2023 at 5:28 am

    Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that’s bundled along with the software. The complete list of impacted

  • Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report
    by Joy Chik on September 19, 2023 at 4:00 pm

    Microsoft is proud to be recognized as a Leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. The post Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report appeared first on Microsoft Security Blog.

  • ShroudedSnooper’s HTTPSnoop Backdoor Targets Middle East Telecom Companies
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 12:35 pm

    Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. “HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the

  • Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 12:05 pm

    Targets located in Azerbaijan have been singled out as part of a new campaign that’s designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group. “The operation has at least two different initial access vectors,” security researchers

  • Inside the Code of a New XWorm Variant
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 11:32 am

    XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power. The analyst team at ANY.RUN came across the newest

  • Earth Lusca’s New SprySOCKS Linux Backdoor Targets Government Entities
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 11:10 am

    The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary’s attacks against public and private sector entities across Asia, Australia, Europe, and North America. Active since 2021, the group has relied on

  • Live Webinar: Overcoming Generative AI Data Leakage Risks
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 10:29 am

    As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner’s “Emerging Tech: Top 4 Security Risks of GenAI” report, privacy and data security is one of the four major emerging risks within generative AI. A new webinar featuring a multi-time Fortune 100 CISO and the CEO of LayerX, a browser extension solution, delves into this

  • Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 9:31 am

    Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company’s AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said. It also included a disk backup of two former employees’ workstations containing secrets

  • Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 9:30 am

    New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an “unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system.” CVE-2023-36845 refers to a

  • Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware
    by info@thehackernews.com (The Hacker News) on September 19, 2023 at 6:56 am

    The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. “CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects,” SentinelOne security

  • New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
    by info@thehackernews.com (The Hacker News) on September 18, 2023 at 12:30 pm

    A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. “The AMBERSQUID operation was able to exploit cloud services without triggering the AWS

  • Think Your MFA and PAM Solutions Protect You? Think Again
    by info@thehackernews.com (The Hacker News) on September 18, 2023 at 12:21 pm

    When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity

  • Hook: New Android Banking Trojan That Expands on ERMAC’s Legacy
    by info@thehackernews.com (The Hacker News) on September 18, 2023 at 12:11 pm

    A new analysis of the Android banking trojan known as Hook has revealed that it’s based on its predecessor called ERMAC. “The ERMAC source code was used as a base for Hook,” NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. “All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also

  • Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
    on September 18, 2023 at 7:00 am

    Summary: As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.

  • Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
    by info@thehackernews.com (The Hacker News) on September 18, 2023 at 7:00 am

    Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a “dark pattern.” “The fact that Google Authenticator syncs to

  • Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
    by info@thehackernews.com (The Hacker News) on September 18, 2023 at 3:16 am

    The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. “UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,

  • North Korea’s Lazarus Group Suspected in $31 Million CoinEx Heist
    by info@thehackernews.com (The Hacker News) on September 17, 2023 at 6:32 am

    The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. The crypto heist aimed at

  • TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.
    by info@thehackernews.com (The Hacker News) on September 16, 2023 at 1:00 pm

    The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union’s General Data Protection Regulation (GDPR) in relation to its handling of children’s data. The investigation, initiated in September 2021, examined how the popular short-form video platform processed personal data relating to child users (those between the

  • The Interdependence between Automated Threat Intelligence Collection and Humans
    by info@thehackernews.com (The Hacker News) on September 15, 2023 at 11:13 am

    The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still

  • Google Agrees to $93 Million Settlement in California’s Location-Privacy Lawsuit
    by info@thehackernews.com (The Hacker News) on September 15, 2023 at 11:10 am

    Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company’s location-privacy practices misled consumers and violated consumer protection laws. “Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to

  • DDoS 2.0: IoT Sparks New DDoS Alert
    by info@thehackernews.com (The Hacker News) on September 15, 2023 at 10:25 am

    The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT? IoT (Internet of Things) refers to online, interconnected devices that collect and exchange

  • NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers
    by info@thehackernews.com (The Hacker News) on September 15, 2023 at 10:20 am

    An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims’ credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. “The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology

  • Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads
    by info@thehackernews.com (The Hacker News) on September 15, 2023 at 8:49 am

    The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. “This suggests that the threat actors are streamlining operations by making their techniques multipurpose,” Trend Micro researchers said in a new analysis published this

  • Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
    by info@thehackernews.com (The Hacker News) on September 15, 2023 at 4:14 am

    Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate

  • Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
    by Microsoft Threat Intelligence on September 14, 2023 at 4:30 pm

    Since February 2023, Microsoft has observed a high volume of password spray attacks attributed to Peach Sandstorm, an Iranian nation-state group. In a small number of cases, Peach Sandstorm successfully authenticated to an account and used a combination of publicly available and custom tools for persistence, lateral movement, and exfiltration. The post Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets appeared first on Microsoft Security Blog.

  • Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
    by info@thehackernews.com (The Hacker News) on September 14, 2023 at 2:07 pm

    A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. “Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious

  • Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years
    by info@thehackernews.com (The Hacker News) on September 14, 2023 at 1:18 pm

    A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active. “

  • Avoid These 5 IT Offboarding Pitfalls
    by info@thehackernews.com (The Hacker News) on September 14, 2023 at 11:36 am

    Employee offboarding is no one’s favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That’s easier said than done, especially considering that IT organizations have less visibility and control over employees’ IT use than ever. Today, employees can easily adopt new cloud and SaaS applications whenever and wherever they want, and the old IT

  • Uncursing the ncurses: Memory corruption vulnerabilities found in library
    by Microsoft Threat Intelligence on September 14, 2023 at 11:30 am

    A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions. The post Uncursing the ncurses: Memory corruption vulnerabilities found in library appeared first on Microsoft Security Blog.

  • N-Able’s Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation
    by info@thehackernews.com (The Hacker News) on September 14, 2023 at 9:52 am

    A high-severity security flaw has been disclosed in N-Able’s Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows

  • Russian Journalist’s iPhone Compromised by NSO Group’s Zero-Click Spyware
    by info@thehackernews.com (The Hacker News) on September 14, 2023 at 8:51 am

    The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group’s Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is the executive editor and owner of Meduza, an independent news publication

  • Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
    by info@thehackernews.com (The Hacker News) on September 13, 2023 at 2:05 pm

    Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August

  • Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service
    by info@thehackernews.com (The Hacker News) on September 13, 2023 at 1:31 pm

    More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. “The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions,

  • Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric
    by info@thehackernews.com (The Hacker News) on September 13, 2023 at 11:46 am

    In today’s digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflows, they inadvertently open the door to a new era of security threats. The stakes? Your invaluable data and the trust

  • Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
    by info@thehackernews.com (The Hacker News) on September 13, 2023 at 9:56 am

    A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deliver LockBit (attributed to Bitwise Spider or Syrphid) in the target network. “3AM is written in Rust and appears to be a completely new malware family,” the Symantec Threat Hunter Team, part of

  • Patch Tuesday Update – September 2023
    by Catherine Zack on September 12, 2023 at 10:15 pm

    Today’s Microsoft Security Update includes Microsoft Patch Tuesday checks in the NIRV 4.28.0 and Frontline Agent 1.64.0 releases.

    CVE/Advisory   | Title                                                                       | Tag                                    | Microsoft Severity Rating | Base Score | Microsoft Impact       | Exploited | Publicly Disclosed
    CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important                 | 7.8        | Elevation of Privilege | No        | No
    CVE-2023-38162 | DHCP […]

    Read More… from Patch Tuesday Update – September 2023. The post Patch Tuesday Update – September 2023 appeared first on Vulnerability Security Testing & DAST | Beyond Security.

  • Malware distributor Storm-0324 facilitates ransomware access
    by Microsoft Threat Intelligence on September 12, 2023 at 5:00 pm

    The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool. The post Malware distributor Storm-0324 facilitates ransomware access appeared first on Microsoft Security Blog.

  • Cloud storage security: What’s new in the threat matrix
    by Microsoft Threat Intelligence on September 7, 2023 at 5:00 pm

    We’re announcing the release of a second version of our threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services.

  • Results of Major Technical Investigations for Storm-0558 Key Acquisition
    on September 6, 2023 at 7:00 am

    On July 11, 2023, Microsoft published a blog post which details how the China-based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email.

  • Navigating privacy in a data-driven world with Microsoft Priva
    by Kacey Lemieux on August 31, 2023 at 4:00 pm

    As the world becomes more data-driven and the privacy landscape continues to evolve, the need to take a proactive privacy approach increases. Here’s how Microsoft Priva can help.

  • Flax Typhoon using legitimate software to quietly access Taiwanese organizations
    by Microsoft Threat Intelligence on August 24, 2023 at 4:30 pm

    China-based actor Flax Typhoon is exploiting known vulnerabilities for public-facing servers, legitimate VPN software, and open-source malware to gain access to Taiwanese organizations, but not taking further action.

  • Cybersecurity Heats Up in the Summer
    by Catherine Zack on August 18, 2023 at 2:06 pm

    Find out how summer can make organizations particularly vulnerable to cyber attacks and how offensive security strategies and solutions can reduce the risk of seasonal threats. […]

  • 9 Vulnerability Management Pitfalls to Avoid
    by Fortra Staff on August 16, 2023 at 9:17 pm

    Vulnerability management (VM) can seem unmanageable at times. But the key to successful VM is working smarter rather than harder. If you approach VM intelligently and prioritize appropriately, you can keep the number of resulting tasks from spiraling out of control. As with any ongoing security practice, there are countless ways you can botch VM. […]

  • How the Microsoft Incident Response team helps customers remediate threats
    by Microsoft Incident Response on August 15, 2023 at 4:00 pm

    Microsoft Incident Response is a global team comprised of cybersecurity experts with deep, highly specialized knowledge in breach detection, response, and recovery.

  • Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS 
    by Microsoft Threat Intelligence on August 11, 2023 at 12:00 am

    Microsoft researchers identified multiple high-severity vulnerabilities in the CODESYS V3 SDK that could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS).

  • Azure Serial Console Attack and Defense – Part 1
    on August 10, 2023 at 7:00 am

    Ever had a virtual machine crash? Azure Serial Console is a great way to connect directly to your virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free to everyone. While the primary intent of this feature is to help users debug their machines, there are several interesting ways to abuse the feature and compromise sensitive information.

  • Updating our Vulnerability Severity Classification for AI Systems
    on August 8, 2023 at 7:00 am

    The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.

  • Congratulations to the MSRC 2023 Most Valuable Security Researchers!
    on August 8, 2023 at 7:00 am

    The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report.

  • Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards
    on August 7, 2023 at 7:00 am

    We are thrilled to share the results of our collaboration with over 345 security researchers from more than 45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.

  • Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
    on August 4, 2023 at 7:00 am

    Summary: On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all customers and no customer remediation action is required.

  • BlueHat October 2023 Call for Papers is Now Open!
    on July 27, 2023 at 7:00 am

    As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for Papers (CFP) is now open through August 18, 2023. The BlueHat community is a unique blend of security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and learnings in the interest of creating a safer and more secure world for all.

  • Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form
    on July 20, 2023 at 7:00 am

    Summary: We are excited to announce the release of the updated Researcher Portal submission form. The new fields allow security researchers to provide additional context for the reported security issue, giving product teams more data to analyze, gain insights from, and identify trends across multiple reported security vulnerabilities. The additional fields are not mandatory when submitting a report.

  • From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent!
    on July 17, 2023 at 7:00 am

    Fun Facts: Game you binged: Guitar Hero and Rock Band fanatic. Go-to snack: Nutri-Grain Bars. Favorite drink: Soda – Coca-Cola specifically. Favorite place: Singapore – stayed an extra week after a hacking collaboration, truly fell in love with it, and hopes to get back as soon as possible. Favorite movie/genre: Parasite – Korean cinema; had been watching Korean cinema before it became a thing.

  • What to Expect When Reporting Vulnerabilities to Microsoft
    on July 14, 2023 at 9:00 am

    At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed.

  • Congratulations to the Top MSRC 2023 Q2 Security Researchers!
    on July 14, 2023 at 7:00 am

    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q2 Security Researcher Leaderboard are: Yuki Chen, HAO LI, wkai! Check out the full list of researchers recognized this quarter here.

  • Patch Tuesday Update – July 2023
    by Fortra Staff on July 11, 2023 at 9:08 pm

    Today’s Microsoft Security Update addressed 130 vulnerabilities, including 9 that are rated as Critical. This is double the number fixed last month, June 2023. Microsoft included two security advisories this month, ADV230001 and ADV230002. The ADV230001 security advisory addresses some drivers that were certified by Microsoft’s Windows Hardware Developer Program (MWHDP) that have been used […]

  • Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
    on July 11, 2023 at 7:00 am

    UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded, and on September 6, 2023, we published our investigation findings. Microsoft has released threat analysis on Storm-0558 activity here. Microsoft has also released additional defense-in-depth security fixes to help customers improve token validation in their custom applications.

  • How Enterprise VM Keeps Up with Modern Threats
    by Fortra Staff on June 29, 2023 at 7:28 pm

    Vulnerability management is known for being a foundational cybersecurity practice. While open-source VM solutions have perhaps provided an introduction to the benefits of VM, the modern threat landscape means organizations need more advanced and reliable tools to stay secure. Here’s why enterprise-grade VM solutions are more essential now than ever. Beating complexity with […]

  • Breaking Barriers: Aditi’s Journey Through Sight Loss to Microsoft AI Innovator
    on June 28, 2023 at 7:00 am

    Facts about Aditi Shah: Tools she uses: Aditi’s main tool is JAWS, a screen reader from Freedom Scientific, which she touts as the best in the market. This tool has made her digital life more manageable, enabling her to perform almost any task independently. Aditi also uses Seeing AI, a Microsoft app that she uses for important life tasks, like reading her mail, providing descriptions of different products, identifying colors for her outfits, and more.

  • BeSTORM Release 13.1.0
    by Fortra Staff on June 27, 2023 at 2:32 pm

    Enhancements: At Beyond Security, we continually strive to improve our products with updates and enhancements that are often customer-driven. Below are the enhancements from our latest beSTORM release: *NOTE: If your projects use these modules, substitute them with the IEEE802.11 (Subscriber – Simple), CG4579 (Over PCAN), and Running Speed and Cadence modules. Contact Us […]

  • Potential Risk of Privilege Escalation in Azure AD Applications
    on June 20, 2023 at 7:00 am

    Summary: Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD (AAD) applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email claim in tokens issued to applications.

  • Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks
    on June 16, 2023 at 7:00 am

    Summary: Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359. These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

  • Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry
    on June 14, 2023 at 7:00 am

    Summary: Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry (ACR). Exploitation of these vulnerabilities could have potentially allowed an unauthorized user to gain access to a target user’s session within the compromised Azure service, and subsequently lead to data tampering or resource modification.

  • Hey Yara, find some vulnerabilities
    on June 8, 2023 at 7:00 am

    Intro: Finding vulnerabilities in software is no easy task by itself. Doing this at cloud scale is very challenging to perform manually, so we use tools to help us identify patterns or vulnerability signatures. Yara is one of those tools. Yara is very popular with blue teams and malware researchers, and for good reason.

  • Frontline VM Release 6.5.4
    by Fortra Staff on May 22, 2023 at 3:50 pm

    As part of the Infrastructure Protection Fortra family, Frontline VM and BeSECURE are a tandem solution. Each release helps update and pave the way for additional vulnerability management features and improvements. Based on user feedback, here are the recent updates for Frontline VM. Linux Agent: Scan Linux assets that are not always connected to […]

  • Announcing The BlueHat Podcast: Listen and Subscribe Now!
    on May 17, 2023 at 7:00 am

    Available today on all major podcast platforms is The BlueHat Podcast, a new series of security-research-focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community and Microsoft come together as peers: to debate, discuss, share, challenge, celebrate and learn.

  • Guidance related to Secure Boot Manager changes associated with CVE-2023-24932
    on May 9, 2023 at 7:00 am

    Summary: Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled.

  • Microsoft Vulnerability Severity Classification for Online Services Publication
    on April 18, 2023 at 7:00 am

    The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provide additional information about our approach to online services and web applications.

  • Congratulations to the Top MSRC 2023 Q1 Security Researchers!
    on April 13, 2023 at 7:00 am

    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu (@K3vinLuSec), Yuki Chen, and wh1tc & Edwardzpeng! Check out the full list of researchers recognized this quarter here.

  • Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
    on April 11, 2023 at 7:00 am

    Summary: Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.

  • Vintage Vulnerabilities: New Attacks Can Exploit Old Weaknesses
    by Fortra Staff on March 29, 2023 at 8:56 pm

    Popular entertainment would have us believe that hackers are all sophisticated attackers ready to strike the latest vulnerabilities. That is sometimes true, but it’s become increasingly apparent that whether it’s the latest zero-day bug or something that was discovered the same year Apple released the iPad, hackers are equal-opportunity offenders. “Classic” Vulnerabilities: Cybersecurity professionals know […]

  • Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD
    on March 29, 2023 at 7:00 am

    Summary: Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration gave external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration, added additional authorization checks to address the issue, and confirmed that no unintended access had occurred.

  • Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
    on March 14, 2023 at 1:00 pm

    May 9, 2023 update: Releases for Microsoft Products has been updated with the release of CVE-2023-29324 – Security Update Guide – Microsoft – Windows MSHTML Platform Security Feature Bypass Vulnerability. March 24, 2023 update: Impact Assessment has been updated with a link to Guidance for investigating attacks using CVE-2023-23397 – Microsoft Security Blog.

  • Azure Kubernetes Service (AKS) Threat Hunting
    on March 1, 2023 at 8:00 am

    As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases.

  • Configuring host-level audit logging for AKS VMSS
    on March 1, 2023 at 8:00 am

    This blog post walks you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning: The information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in the future.

  • First steps in CHERIoT Security Research
    on February 28, 2023 at 8:00 am

    At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the vast majority of existing codebases are written in unsafe programming languages, the task of protecting legacy code is very important. Hardware solutions are an attractive approach because they introduce very powerful security properties with low overheads compared to purely software solutions.

  • New MSRC Blog Site
    on February 8, 2023 at 8:00 am

    We are excited to announce the release of the new Microsoft Security Response Center (MSRC) blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved site performance, search, categories, and tags to help users easily find content.

  • BlueHat 2023: Connecting the security research community with Microsoft
    on February 6, 2023 at 8:00 am

    We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where the security research community, and Microsoft security professionals, come together as peers to connect, share, learn, and exchange ideas in the interest of creating a safer and more secure world for all.

  • Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process
    on January 31, 2023 at 8:00 am

    Summary: On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly known as Microsoft Partner Network (MPN)). The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.