Skip to main content
To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

45081 Topics
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign

Guidance issued by the FBI and CISA is intended to help root out the hackers and prevent similar cyberespionage. December 3, 2024 By Associated Press Federal authorities on Tuesday urged telecommunication companies to boost network security following a sprawling Chinese hacking campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans.The guidance issued by the FBI and the Cybersecurity and Infrastructure Security Agency is intended to help root out the hackers and prevent similar cyberespionage in the future. Officials who briefed reporters on the recommendations said the U.S. still doesn’t know the true scope of China’s attack or the extent to which Chinese hackers still have access to U.S. networks.In one sign of the global reach of China’s hacking efforts, the government’s warning was issued jointly with security agencies in New Zealand, Australia and Canada, members of the Five Eyes intelligence alliance, which also i

122
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Police seizes largest German online crime marketplace, arrests admin

December 3, 2024 By Bill Toulas Germany has taken down the largest online cybercrime marketplace in the country, named "Crimenetwork," and arrested its administrator for facilitating the sale of drugs, stolen data, and illegal services.The law enforcement action was carried out on Monday by the Public Prosecutor's Office in Frankfurt am Main, the Central Office for Combating Cybercrime (ZIT), and the Federal Criminal Police Office (BKA).Crimenetwork was the largest German-language marketplace where criminals posted stolen data and drugs for sale and offered services such as document forging.Established in 2012, the site had over 100 registered sellers and 100,000 users when it was shut down, most of which were based in German-speaking countries."The platform, considered the largest German-speaking online marketplace for the underground economy, had been active for many years," reads BKA's announcement. >>Full Article<<

30
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

Cisco has updated an advisory for CVE-2014-2120 to warn customers that the vulnerability has been exploited in the wild.  December 3, 2024 By Eduard Kovacs Cisco on Monday updated an advisory covering a decade-old vulnerability to warn customers about in-the-wild exploitation. The vulnerability is tracked as CVE-2014-2120 and it has been described as a medium-severity cross-site scripting (XSS) vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) products.According to the networking giant, an unauthenticated, remote attacker can exploit the vulnerability to conduct XSS attacks against WebVPN users by getting them to click on a malicious link.Cisco published its initial advisory for CVE-2014-2120 in March 2014, when it informed customers that they should reach out to support channels to obtain a patched software version. >>Full Article<<

30
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
16 Zero-Days Uncovered in Fuji Electric Monitoring Software

Flaws in Fuji's Tellus and V-Server Software Pose Risks to Critical Infrastructure December 3, 2024 By Jayant Chakravarti Fuji Electric Co. building in Tokyo, Japan (Image: Shutterstock)Security researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric's remote monitoring software that enable attackers to execute malicious code in devices commonly used by utilities and other critical infrastructure providers.The Zero Day Initiative said the zero-day vulnerabilities affect Fuji Electric's Tellus and Tellus Lite remote monitoring software and V-Server and V-Server Lite simulator modules and remote monitoring software in a graphic editor called V-SFT. >>Full Article<<

10
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Veeam warns of critical RCE bug in Service Provider Console

December 3, 2024 By Sergiu Gatlan ​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.The first security flaw fixed today (tracked as CVE-2024-42448 and rated with a 9.9/10 severity score) enables attackers to execute arbitrary code on unpatched servers from the VSPC management agent machine.Veeam also patched a high-severity vulnerability (CVE-2024-42449) that can let attackers steal the NTLM hash of the VSPC server service account and use the gained access to delete files on the VSPC server. >>Full Article<<

10
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
760,000 Employee Records From Several Major Firms Leaked Online

A hacker has posted online over 760,000 records belonging to employees of Bank of America, Koch, Nokia, JLL, Xerox, Morgan Stanley, and Bridgewater. December 3, 2024 By Ionut Arghire The information of more than 760,000 employees of several major organizations emerged online on Monday morning after a threat actor dumped it on a popular hacking forum.The data apparently originates from last year’s massive MOVEit hack, in which a zero-day vulnerability in Progress Software’s file transfer software was used to steal sensitive information from thousands of organizations.Roughly 2,800 organizations and close to 100 million individuals were affected by the attack, which is believed to have been carried out by the Russia-linked Cl0p ransomware gang.The newly emerged data was posted on Monday on the BreachForums cybercrime forum by a threat actor named Nam3l3ss, who was previously associated with other data dumps linked to the MOVEit hack. >>Full Article<<

20
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Venom Spider Spins Web of New Malware for MaaS Platform

A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.  December 3, 2024 By Elizabeth Montalbano A known threat actor in the malware-as-a-service (MaaS) business known as "Venom Spider" continues to expand capabilities for cybercriminals who use its platform, with a novel backdoor and loader detected in two separate attacks in a recent two-month period.Researchers at Zscaler ThreatLabz uncovered campaigns between August and October of this year that leveraged a backdoor called called RevC2, as well as a loader called Venom Loader, in attacks that use known MaaS tools from Venom Spider (aka Golden Chickens), according to a blog post published Dec. 2.RevC2 uses WebSockets to communicate with its command-and-control (C2) server and can steal cookies and passwords, proxy network traffic, and enable remote code execution (RCE). Venom Loader meanwhile uses the victim's computer name to encode payloads,

20
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Energy industry contractor ENGlobal Corporation discloses a ransomware attack

December 3, 2024 By Pierluigi Paganini ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC.A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation.Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million year-to-date.According to the FORM 8-K report filed with the U.S. Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. The investigation into the security breach is still ongoing and the company is remediating the incident with the help of external cybersecurity specialists. >>Full Article<<

10
Jasper_The_Rasper
Moderator
20 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Exploit released for critical WhatsUp Gold RCE flaw, patch now

December 3, 2024 By Bill Toulas A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible.The flaw is tracked as CVE-2024-8785 (CVSS v3.1 score: 9.8) and was discovered by Tenable in mid-August 2024. It exists in the NmAPI.exe process in WhatsUp Gold versions from 2023.1.0 and before 24.0.1. >>Full Article<<

10
Jasper_The_Rasper
Moderator
20 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Google Chrome Stable Channel Update for Desktop Tuesday December 3, 2024

Tuesday, December 3, 2024The Stable channel has been updated to 131.0.6778.108/.109 for Windows, Mac and 131.0.6778.108 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html Webroot users make sure to re-add back to Privacy Protection!  

40
TripleHelix
Moderator
20 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Adds Three Known Exploited Vulnerabilities to Catalog Release Date December 03, 2024

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2023-45727·   North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability·  CVE-2024-11680·   ProjectSend Improper Authentication Vulnerability·  CVE-2024-11667 Zyxel Multiple Firewalls Path Traversal VulnerabilityUsers and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peekrelated to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474for additional information. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Ex

40
TripleHelix
Moderator
20 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Releases Eight Industrial Control Systems Advisories Release Date December 03, 2024

CISA released eight Industrial Control Systems (ICS) advisories on December 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-24-338-01 Ruijie Reyee OS ICSA-24-338-02 Siemens RUGGEDCOM APE1808 ICSA-24-338-03 Open Automation Software ICSA-24-338-04 ICONICS and Mitsubishi Electric GENESIS64 Products ICSA-24-338-05 Fuji Electric Monitouch V-SFT ICSA-24-338-06 Fuji Electric Tellus Lite V-Simulator ICSA-22-307-01 ETIC Telecom Remote Access Server (RAS) (Update B) ICSA-24-184-03 ICONICS and Mitsubishi Electric Products (Update A)CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.This product is provided subject to this Notification and this Privacy & Use policy.Vendor Siemens Open Automation Software ICONICS, Mitsubishi Electric Fuji Electric ETIChttps://www.cisa.gov/news-events/alerts/2024/12/03/cisa-releases-eight-industrial-control-sy

40
TripleHelix
Moderator
20 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Android Security Bulletin December 2024

Published December 2, 2024The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.The most severe of these issues is a high security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.Ref

130
TripleHelix
Moderator
21 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Vulnerability Summary for the Week of November 25, 2024 Released Dec 02, 2024

Document IDSB24-337 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:High: vulnerabilities with a CVSS base score of 7.0–10.0 Medium: vulnerabilities with a CVSS base score of 4.0–6.9 Low: vulnerabilities with a CVSS base score of 0.0–3.9Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is comp

20
TripleHelix
Moderator
21 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Korea arrests CEO for adding DDoS feature to satellite receivers

December 2, 2024 By Bill Toulas South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request.While neither company has been named, the two companies have been trading since 2017. In November 2018, the purchasing company made a special request to include DDoS functionality, with the South Korean manufacturer complying.Allegedly, the functionality was needed to counter the attacks of a competing entity.The exact way the DDoS functionality was leveraged on the devices was not specified, but these attacks are always illegal when targeting external systems.Moreover, users of the satellite receivers were involuntarily taking part in attacks and might have experienced reduced device performance during these occurrences.From January 2019 to September 2024, the manufacturer of the devices shipped 240,000 satellite receivers, 98,000 of which had a DDoS module

20
Jasper_The_Rasper
Moderator
21 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
The shocking speed of AWS key exploitation

December 2, 2024 By Zeljka Zorz It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them.Clutch Security researchers performed a test to see just how quickly that can happen.They dispersed AWS access keys (in different scenarios) on:Code hosting and version control platforms: GitHub and GitLab Public code repositories: Docker Hub (for containers), npm (for JavaScript packages), PyPI (for software written in Python), Crates.io (for Rust crates) Repositories for hosting and testing code snippets: JSFiddle, Pastebin, and public and private GitHub Gists Developer forums: Stack Overflow, Quora, Postman Community, and Reddit >>Full Article<<

40
Jasper_The_Rasper
Moderator
21 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Russia sentences Hydra dark web market leader to life in prison

December 2, 2024 By Sergiu Gatlan Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. Additionally, more than a dozen accomplices have been convicted for their involvement in the production and sale of nearly a ton of drugs.Stanislav Moiseyev, the group's "organizer," who was sentenced to life imprisonment, also received a fine of 4 million rubles, as Russian media group RBC first reported.His co-conspirators (Alexander Chirkov, Andrey Trunov, Evgeny Andreyev, Ivan Koryakin, Vadim Krasninsky, Georgy Georgobiani, Artur Kolesnikov, Nikolay Bilyk, Alexander Khramov, Kirill Gusev, Anton Gaykin, Alexey Gukalin, Mikhail Dombrovsky, Alexander Aminov and Sergey Chekh) received imprisonment for terms ranging from 8 to 23 years, with fines totaling 16 million rubles.The court said they would serve their imprisonment terms within special and strict regime penal colonies. >>Full Article<<

30
Jasper_The_Rasper
Moderator
21 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Prototype UEFI Bootkit is South Korean University Project; LogoFAIL Exploit Discovered

The ‘Bootkitty’ prototype UEFI bootkit contains an exploit for LogoFAIL and was created in a South Korea university program. December 2, 2024 By Ryan Naraine The discovery of a prototype UEFI bootkit targeting specific Ubuntu Linux setups has deepened with revelations linking its creation to a South Korean university project and the integration of a LogoFAIL exploit to bypass Secure Boot verifications.According to SecurityWeek sources, Bootkitty is a research project from South Korea’s BoB (“Best of the Best”) academic program that provides training to cybersecurity talent. The BoB program is part of the South Korea Information Technology Research Institute and affiliated to the country’s organization of the Ministry of Trade, Industry and Energy.The bootkit, discovered by ESET after samples were uploaded to VirusTotal, was created by the university researchers to demonstrate real-world security risks below the operating system.  The university could not be reached for comment. >&gt

20
Jasper_The_Rasper
Moderator
21 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
No company too small for Phobos ransomware gang, indictment reveals

 December 2, 2024 By David Ruiz The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, richest, most robust corporations on the planet, as one Phobos affiliate allegedly extorted a Maryland-based healthcare provider out of just $2,300—possibly the lowest payment ever recorded.In a November 18 statement, Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division, stressed the wanton victim targeting by Ptitsyn’s ransomware network. >>Full Article<< 

30
Jasper_The_Rasper
Moderator
21 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

December 2, 2024 By Pierluigi Paganini International law enforcement operation Operation HAECHI-V led to more than 5,500 suspects arrested and seized over $400 million.A global operation code-named Operation HAECHI V, involving 40 countries, resulted in 5,500+ arrests and seized $400M in assets. Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud.Korean and Chinese authorities dismantled a voice phishing syndicate that caused $1.1B in losses to 1,900+ victims. The operation led to 27 arrests and 19 indictments.INTERPOL also issued a Purple Notice to warn countries about emerging fraudulent activities involving cryptocurrencies. The authorities have warned of “USDT Token Approval Scam” that allows scammers access to the victims’ cryptocurrency wallets and make unauthorized transactions. Attackers first lure victims using romance baiting techniques, then instruct them to buy popula

50
Jasper_The_Rasper
Moderator
21 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
SmokeLoader Attack Targets Companies in Taiwan

By Pei Han Liao | December 02, 2024 Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: The stolen information can be used for future attackSeverity Level: High In September 2024, FortiGuard Labs observed an attack using the notorious SmokeLoader malware to target companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks. While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading plugins from its C2 server.Figure 1: Attack flow PhishingFigure 2 shows a phishing email used in this campaign. The sender claims the attached malicious file is a quotation and includes a list of special instructions. While this email is persuasive, as it uses native words and phrases, these phishing emails are

20
Jasper_The_Rasper
Moderator
21 days ago
RetiredTripleHelix
Gold VIP
RetiredTripleHelixGold VIP
posted in Tech Talk
Internet Speed tests post your results!

I'm on a 150/15 Plan on Cable so tell us about yours! My results are via 5G Wireless connection.   Daniel ;)   Here is my link to Rogers Speed Test if you want to try it: http://www.rogers.com/web/Rogers.portal?_nfpb=true&_pageLabel=support_internetServices_&cm_mmc=grdrt-_-all-_-en-_-speedcheck  also if you have any other speed tests sites that are good post them.   http://www.speedtest.net/   http://www.speedtest.net/result/3564098168.png  

666173
Jasper_The_Rasper
Moderator
21 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Novel phising campaign uses corrupted Word documents to evade security

December 1, 2024 A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application.Threat actors constantly look for new ways to bypass email security software and land their phishing emails in targets' inboxes.A new phishing campaign discovered by malware hunting firm Any.Run utilizes intentionally corrupted Word documents as attachments in emails that pretend to be from payroll and human resources departments.Phishing emailFull Article

60
TripleHelix
Moderator
22 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
SpyLoan Android malware on Google play installed 8 million times

November 30, 2024 By Bill Toulas A new set of 15 SpyLoan apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa.The apps were discovered by McAfee, a member of the 'App Defense Alliance,' and have now been removed from Android's official app store.However, their presence on Google Play is indicative of the threat actors' persistence, as even recent law enforcement actions against SpyLoan operators have not curbed the issue, says McAfee.The last major "SpyLoan cleanup" on Google Play was in December 2023, when over a dozen apps that had amassed 12 million downloads were removed. >>Full Article<<

121
TripleHelix
Moderator
23 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Hackers claim to have cracked Microsoft's software licensing protection almost entirely

 Nov 30, 2024Updated • Nov 30, 2024 A team of hackers claim that they have cracked "almost the entire Windows / Office software licensing protection". The breakthrough allows them to activate "almost any version of Windows and Office" permanently.Windows and Office installations require activation. This may happen behind the scene or when users enter product keys.Workarounds and hacks have been available for a long time. One popular choice requires running a single line of instructions from a PowerShell prompt to activate Windows 8 or later, or Office.The creators of the solution claim now that they have found ways to extend this to even more Windows and Office products. Full Article

131
ProTruckDriver
Moderator
23 days ago

Badges

Show all badges

Join the Conversation

Terms & Conditions