Skip to main content
To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

44849 Topics
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Intel® Product Security Center Advisories November 12, 2024

Intel is focused on ensuring the security of our customers computing environments. We are committed to rapidly addressing issues as they arise, and providing recommendations through security advisories and security notices.Security advisories are fixes or workarounds for vulnerabilities identified with Intel products. See list here

30
TripleHelix
Moderator
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert Citrix Releases Security Updates for NetScaler and Citrix Session Recording Release Date November 12, 2024

Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the following and apply necessary updates:   NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording

40
TripleHelix
Moderator
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Vulnerability Summary for the Week of November 4, 2024 Released Nov 12, 2024

Document IDSB24-317 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:High: vulnerabilities with a CVSS base score of 7.0–10.0 Medium: vulnerabilities with a CVSS base score of 4.0–6.9 Low: vulnerabilities with a CVSS base score of 0.0–3.9Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is comp

20
TripleHelix
Moderator
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
SAP Security Patch Day – November 2024

On 12th of November 2024, SAP Security Patch Day saw the release of 8 new Security Notes. Further, there were 2 updates to previously released Security Notes. See list here

60
TripleHelix
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Hot Topic Breach Confirmed, Millions of Credit Cards, Email Addresses Exposed

The stolen database contains 54 million unique email addresses and 'lightly encrypted' credit card information for 25 million users, which can be decrypted, according to Atlas Privacy. November 6, 2024 By Michael Kan  (Credit: Hot Topic)It looks like the reported breach at fashion retailer Hot Topic is real, according to a privacy company that obtained a copy of the company’s stolen database from the hacker selling it.In some good news, the 730GB database doesn’t contain customer details on 350 million users as the hacker previously boasted. Still, it holds unique email addresses on 54 million users, according toAtlas Privacy, which has been analyzing the stolen information. The other alarming discovery is that the database contains details on 25 million credit card numbers, which have only been “lightly encrypted,” making it possible to decrypt the data, including their expiration date numbers, Atlas Privacy told PCMag in an interview. “It’s very likely we’ll decrypt the whole thing i

71
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Flexible Structure of Zip Archives Exploited to Hide Malware Undetected

 Attackers abuse concatenation, a method that involves appending multiple zip archives into a single file, to deliver a variant of the SmokeLoader Trojan hidden in malicious attachments delivered via phishing November 11, 2024 By Elizabeth Montalbano Threat actors are exploiting the various ways that zip files combine multiple archives into one file as an anti-detection tactic in phishing attacks that deliver various Trojan malware strains, including SmokeLoader.Attackers are abusing the structural flexibility of zip files through a technique known as concatenation, a method that involves appending multiple zip archives into a single file, new research from Perception Point has found. In this method, the combined file appears as one archive that actually contains multiple central directories, each pointing to different sets of file entries.However, "this discrepancy in handling concatenated zips allows attackers to evade detection tools by hiding malicious payloads in parts of the arch

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
FBI Warns US Organizations of Fake Emergency Data Requests Made by Cybercriminals

The FBI is seeing an increase in threat actors using fake emergency data requests to harvest information from US companies. November 11, 2024 By Ionut Arghire The FBI has issued an alert to warn US-based companies and law enforcement agencies that threat actors are sending fake emergency data requests with the goal of harvesting personally identifiable information (PII).An emergency data request enables law enforcement agencies to obtain information from online service providers in emergency situations, when there is no time to get a subpoena.Emergency data requests have been abused by Lapsus$ and other threat actors, but the FBI has observed a spike in cybercrime forum posts related to the process of emergency data requests. >>Full Article<<

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Hello again, FakeBat: popular loader returns after months-long hiatus

 November 8, 2024 By Jérôme Segura The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods.After months of absence, Fakebat (AKA Eugenloader, PaykLoader) showed up on our radar again via a malicious Google ad for the productivity application Notion. FakeBat is a unique loader that has been used to drop follow-up payloads such as Lumma stealer.In this blog post, we detail how criminals are targeting their victims and what final malware payload they are delivering post initial infection. The incident was found and reported to Google on the same day as this publication.Google Ads distributionLast time we saw FakeBat was on July 25 2024, via a malicious ad for Calendly, a popular online scheduling application. In that instance, FakeBat’s comma

40
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Amazon confirms employee data breach after vendor hack

November 11, 2024 By Sergiu Gatlan Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum.The threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data, including names, contact information, building locations, email addresses, and more.Amazon spokesperson Adam Montgomery confirmed Nam3L3ss' claims, adding that this data was stolen from systems belonging to a third-party service provider."Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon," Montgomery said. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Malicious PyPI package with 37,000 downloads steals AWS keys

November 9, 2024 By Bill Toulas A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.According to application security company Socket, the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux.The large number of downloads is accounted by fabrice typosquatting the legitimate SSH remote server management package “fabric,” a very popular library with more than 200 million downloads.An expert explained to BleepingComputer that that fabrice remained undetected for so long because advanced scanning tools were deployed after its initial submission on PyPI, and very few solutions conducted retroactive scans. >>Full Article<<

100
Jasper_The_Rasper
Moderator
11 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Water Cooler
Congrats MajorHavoc on being a Bronze VIP!

Congrats @MajorHavoc on making it to Bronze VIP!  

324
Ssherjj
Moderator
11 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Androxgh0st botnet integrates Mozi payloads to target IoT devices

November 8, 2024 By Lucian Constantin The malware has added exploits for more web applications and devices to its arsenal and some of them seem to be inherited from an older botnet called Mozi. Credit: DC Studio / Shutterstock Androxgh0st, a botnet known to steal cloud credentials and exploit vulnerabilities in web frameworks and servers, is now also targeting IoT devices such as home routers, security firm CloudSEK said in a new report.It seems that some of the IoT exploits have been borrowed from a Chinese botnet dubbed Mozi that was believed to be defunct.Since January, when Androxgh0st was the subject of a joint FBI and CISA advisory, the botnet operators appear to have integrated exploits for additional vulnerabilities aside from the IoT ones. The technologies targeted now include Cisco ASA, Atlassian JIRA, Metabase GeoJSON, Oracle EBS and Sophos Firewall. >>Full Article<<

20
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
D-Link won’t fix critical flaw affecting 60,000 older NAS devices

November 8, 2024 By Bill Toulas More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized.An unauthenticated attacker could exploit it to inject arbitrary shell commands by sending specially crafted HTTP GET requests to the devices.The flaw impacts multiple models of D-Link network-attached storage (NAS) devices that are commonly used by small businesses:DNS-320 Version 1.00 DNS-320LW Version 1.01.0914.2012 DNS-325 Version 1.01,  Version 1.02 DNS-340L Version 1.08In a technical write-up that provides exploit details, security researcher Netsecfish says that leveraging the vulnerability requires sending "a crafted HTTP GET request to the NAS device with malicious input in the name parameter.” >>Full Ar

20
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Palo Alto Networks warns of potential PAN-OS RCE vulnerability

November 8, 2024 By Sergiu Gatlan Today, cybersecurity company Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface.In a security advisory published on Friday, the company said it doesn't yet have additional information regarding this alleged security flaw and added that it has yet to detect signs of active exploitation."Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface. At this time, we do not know the specifics of the claimed vulnerability. We are actively monitoring for signs of any exploitation," it said."We strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines. >>Full Article<<

40
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
China-Backed MirrorFace Trains Sights on EU Diplomatic Corps

 Chinese APT groups increasingly lean on open source platform SoftEther VPN for network access. Now they're lending their know-how to Iranian counterparts. November 7, 2024 By Becky Bracken Infamous Chinese advanced persistent threat (APT) group "MirrorFace" has made notable moves into diplomatic espionage in the European Union using SoftEther VPN, the emerging tool of choice among these threat groups.MirrorFace gained wide notoriety with its 2022 efforts to interfere in Japanese elections, and it has maintained operations in the country ever since. But researchers at ESET noticed the group recently popped up in the EU with espionage attacks against an unidentified diplomatic entity."For the first time, we observed MirrorFace targeting a diplomatic organization within the EU, a region that remains a focal point for several China-, North Korea-, and Russia-aligned threat actors," Jean-Ian Boutin, director of threat research at ESET, said in a statement about the findings. "Many of these

50
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

November 8, 2024 By Pierluigi Paganini Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media.Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media.404 Media obtained the document from a mobile forensics source and verified it with another source.The document notes that some iPhones in a forensics lab, including those in Airplane mode or a Faraday box, rebooted unexpectedly, losing their “After First Unlock” (AFU) state.iPhones in an “After First Unlock” (AFU) can be accessed by law enforcement by using forensics tools like Cellebrite.Once rebooted, the devices went into a Before First Unlock (BFU) state, which makes unlocking them much harder, as current tools can’t crack BFU iPhones. Three iPhones running iOS 18.0 were added to the lab on October 3, and offi

10
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Unpatched Mazda Connect bugs let hackers install persistent malware

November 8, 2024 By Bill Toulas Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission.The security issues remain unpatched and some of them are command injection flaws that could be leveraged to obtain unrestricted access to vehicle networks, potentially impacting the car's operation and safety.Vulnerability detailsResearchers found the flaws in the Mazda Connect Connectivity Master Unit from Visteon, with software initially developed by Johnson Controls. They analyzed the latest version of the firmware (74.00.324A), for which there are no publicly reported vulnerabilities.The CMU has its own community of users that modify it to improve functionality (modding). However, installing the tweaks relies on software vulnerabilities.In a report yesterday, Trend Micro's Zero Day Initiative (ZDI) explains that the discovered problems vary from SQL inject

20
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
New Campaign Uses Remcos RAT to Exploit Victims

By Xiaopeng Zhang | November 08, 2024 Affected platforms: Microsoft WindowsImpacted parties: Windows UsersImpact: Fully remotely control a victim’s computerSeverity level: HighFortinet’s FortiGuard Labs recently noticed a phishing campaign in the wild. It is initialized with a phishing email containing a malicious Excel document. Upon researching the campaign, I found it was spreading a new variant of the Remcos RAT. OverviewRemcos is a commercial RAT (remote administration tool) sold online. It provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer. However, threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious acts.Figure 1 displays the Remcos webpage.Figure 1: Remcos RAT software is sold onlineIn this security blog, I will show how Remcos is delivered to a victim’s device, what kinds of anti-analysis techniques it leverages to protect its

40
Jasper_The_Rasper
Moderator
12 days ago
ProTruckDriver
Moderator
ProTruckDriverModerator
posted in Tech Talk
How to Install Windows 11 on Mac with UTM

by: Ali KhanYou can install and run Windows 11 on a Mac, without having to overwrite the MacOS operating system, by installing Windows 11 into a virtual machine. Virtual machines are self-contained installations of operating systems that can be used for a variety of purposes, from testing to demonstrations, to running software that runs on Windows but not on Mac.We’re going to walk through the necessary steps to install Windows 11 on a Mac into a virtual machine using the UTM app. The end result will be that you can run Windows 11 on your Mac at any time just by opening the UTM app and starting the virtual machine. This may sound complex, but we’ll walk through every step. ⇨⇨ Full Article ⇦⇦ 

111
MajorHavoc
Bronze VIP
13 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Release notes for Microsoft Edge Security Updates November 7, 2024

November 7, 2024Microsoft has released the latest Microsoft Edge Stable Channel (Version 130.0.2849.80) that incorporates the latest updates of the Chromium project. For more information, see the Security Update Guide. https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security Make sure to re-add back in the Privacy Protection area after every update. Click on GIF to see full size!  

50
TripleHelix
Moderator
13 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Malicious Python package collects AWS credentials via 37,000 downloads

November 7, 2024 By Steve Zurier (Adobe Stock Images)A malicious Python package called "Fabrice" that’s been live on PyPI since 2021 has been typosquatting the popular Fabric SSH automation library, quietly exfiltrating AWS credentials by making more than 37,000 downloads.The Socket Research Team said in a Nov. 6 post that the legitimate Fabric library has more than 201 million downloads and has earned the trust of developers worldwide. Fabric operates as a high-level Python (2.7, 3.4+) library that executes shell commands remotely over SSH, yielding useful Python objects in return. According to the Socket Research Team, Fabrice was designed to exploit this trust: it contains payloads that steal credentials, create backdoors, and execute platform-specific scripts. “The Fabrice package represents a sophisticated typosquatting attack, crafted to…exploit unsuspecting developers by gaining unauthorized access to sensitive credentials on both Linux and Windows systems,” wrote the researcher

30
Jasper_The_Rasper
Moderator
13 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
HPE warns of critical RCE flaws in Aruba Networking access points

November 7, 2024 By Bill Toulas Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points.The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba's Access Point management protocol (PAPI) over UDP port 8211.The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have been assessed with a severity score of 9.8 and 9.0, respectively. Both are in the command line interface (CLI) service, which is accessed via the PAPI protocol.The update also fixes another four security vulnerabilities:CVE-2024-47461 (7.2 severity score): authenticated remote command execution that could allow an attacker to execute arbitrary commands on the underlying operating system CVE-2024-47462 and CVE-2024-47463 (7.2 severity score): an authenticated attacker could create arbitrary files, potentially leading

10
Jasper_The_Rasper
Moderator
13 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Microsoft October 2024 Security Updates (Patch Tuesday)

This is what I got for today on my Windows 10 Pro. More info will follow.  

11415
TripleHelix
Moderator
13 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Fake Copyright Infringement Emails Spread Rhadamanthys

 Attackers are triggering victims' deep-seated fear of getting in trouble in order to spread the sophisticated stealer across continents. November 6, 2024 By Nate Nelson Hundreds of companies worldwide have been targeted with spear-phishing emails claiming copyright infringement that actually deliver an infostealer.Starting in July, Check Point Research began to track the emails as they spread across the Americas, Europe, and Southeast Asia, coming from a new domain each time. Hundreds of its customers have been targeted, indicating that the real reach of the campaign may be far greater still.The goal of the emails is to bait guilt-riddled victims into downloading Rhadamanthys, a sophisticated infostealer equally capable of pilfering nation-state intelligence or, in this case, cryptocurrency wallet passphrases. >>Full Article<<

30
Jasper_The_Rasper
Moderator
13 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Air fryers are the latest surveillance threat you didn’t consider

I think people will know my thought on this already BUT JUST, WHY have a so called smart air fryer? We do not need all this so called smart stuff.Rant over so here is the article.  November 7, 2024 By Pieter Arntz Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar.We’ve learned to expect that “smart” appliances come with privacy risks—toothbrushes aside—but I really hadn’t given my air fryer any thought. Now things are about to change.You don’t need to worry about the air fryers sending reports about your eating habits to your healthcare provider just yet. But according to Which?, the air fryers’ associated phone apps wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone.The researchers also found evidence that the Aigostar and Xiaomi fryers both sent people’s personal data to servers in China. This was specified in the privacy notice, but we know not every

30
Jasper_The_Rasper
Moderator
13 days ago

Badges

Show all badges

Join the Conversation

Terms & Conditions