Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
Risk, Security

Threat actors are showing growing interest in Sliver, a legitimate command-and-control (C2) framework that has emerged as an open-source substitute for Cobalt Strike and Metasploit. The research comes from Cybereason, which last week published a detailed analysis of the framework's internal workings. Sliver is a cross-platform post-exploitation framework written in Go and created by the cybersecurity firm Bishop Fox for use by security professionals in red team operations. Read the complete article: Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks.
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Resources, Risk, Security

Two security flaws have been identified in Samsung's Galaxy Store app for Android, which a local attacker could use to covertly install arbitrary apps or direct potential victims to bogus landing pages online. The vulnerabilities were found by NCC Group and reported to the South Korean chaebol in November and December 2022. They are tracked as CVE-2023-21433 and CVE-2023-21434. The fixes were included in version 4.5.49.8, which was published earlier this month, and Samsung categorized the bu...
WhatsApp Hit with €5.5m fine for GDPR Violations
Resources, Risk, Security

The Irish Data Protection Commission (DPC) has fined WhatsApp €5.5 million ($5.9 million) for violating the GDPR. In addition to paying the penalty, WhatsApp Ireland has been ordered to bring its data processing operations into compliance within six months. The case exposed significant differences among European data protection authorities regarding the extent of WhatsApp's responsibility. The fine relates to a revision of WhatsApp's terms of service made on May 25, 2018, the day the EU's GDPR took effect. The revision advised both existing and new users that they had to click "agree and continue" to confirm their acceptance of the amended Terms of Service if they wished to keep using the WhatsApp service after the new rules came into force. Read the complete...
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Risk, Security

An "expansive" ad fraud operation that spoofs over 1,700 apps from 120 publishers and affects around 11 million devices has been shut down by researchers. According to the fraud detection company HUMAN, the "VASTFLUX" malvertising attack allowed the fraudsters to stack several invisible video ad players behind one another and register ad views for each of them. The operation takes its name from Fast Flux, a DNS evasion technique, and VAST, the digital video ad serving template used to deliver ads to video players. The scheme placed bids to display ad banners specifically in the restricted in-app environments that serve adverts on iOS. Read the complete article: Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps. Stay informed on ...
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
Risk, Security

In attacks against a European government organization and an African managed service provider (MSP), a suspected China-nexus threat actor exploited a recently patched Fortinet FortiOS SSL-VPN vulnerability as a zero-day. According to telemetry collected by Google-owned Mandiant, exploitation took place as early as October 2022, at least two months before patches were released. Mandiant researchers wrote in a technical analysis that the activity "continues China's trend of targeting internet-facing devices, notably those used for managed security purposes (e.g., firewalls, IPS/IDS appliances, etc.)." The attacks were carried out with a sophisticated backdoor known as BOLDMOVE, a Linux variant tailored to run on Fortinet's FortiGate ...
T-Mobile says hacker accessed personal data of 37 million customers
Risk, Security

In a financial filing on Thursday, T-Mobile disclosed that a hacker gained access to a trove of personal information belonging to 37 million customers. The telecommunications giant said the data theft began on November 25 and that the "bad actor" stole "name, billing address, email, phone number, date of birth, T-Mobile account number, information such as the number of lines on the account and plan features." T-Mobile said in the SEC filing that it discovered the breach on January 5, more than a month after it began, and that it had shut down the source of the malicious activity a day later. According to T-Mobile, the hacker abused an application programming interface (API) rather than breaking into any internal business system. Read more: T-Mobile says hac...
Over a Third of Recent ICS Bugs Still Have No Vendor Patch
Risk, Security

Operators of industrial control systems (ICS) are being let down by their vendors, according to new data showing that 35% of CVEs announced in the second half of 2022 still lack a fix. SynSaber's ICS Vulnerabilities report for H2 2022 examined the 926 CVEs published through ICS Advisories from the Cybersecurity and Infrastructure Security Agency (CISA). Beyond the rise in disclosed CVEs (up 36% from the 681 published in the first half of the year), the report found that many ICS asset owners' systems remain exposed because vendor updates are not available. According to SynSaber, "Original Equipment Manufacturer (OEM) providers often have tight patch testing, approval, and installation processes," which is why delays are common. Read the complete article: Over a Thir...
New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks
Risk, Security

A newly discovered critical remote code execution (RCE) flaw affecting numerous Microsoft Azure services could allow an attacker to take complete control of a target application. According to Ermetic researcher Liv Matan, "the vulnerability is achieved by CSRF (cross-site request forgery) on the widely used SCM provider Kudu." By exploiting the flaw, attackers can deploy malicious ZIP files containing a payload to a victim's Azure application. The Israeli cloud infrastructure security company named the flaw EmojiDeploy and warned that it could allow attackers to steal sensitive data and move laterally to other Azure services. Read the complete article: New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks. Stay ...
Texas Universities Block Access to TikTok on Their WiFi Networks
Resources, Security

TikTok is no longer accessible on the Wi-Fi networks of public universities across Texas, following a state mandate that bans the video-sharing app from government-issued devices. The University of Texas at Austin informed students of the crackdown in an email on Tuesday. "The university today disabled access to TikTok on our networks. If you are linked to the university through its wired or wireless networks, you are no longer permitted to access TikTok on any device," the letter states. Because the app's parent company, ByteDance, is based in China, Texas Governor Greg Abbott issued an executive order on December 7 prohibiting its use on state-owned devices. Abbott and a large ...
Wikipedia Desktop Site Gets New Look, Its First in Over 10 Years
Events, Resources

For the first time in more than ten years, Wikipedia is updating its desktop interface. The new design is now being rolled out to the majority of Wikipedia pages. The site first announced the redesign in 2020, with plans to deploy it by the end of 2021. It is unclear why the rollout was further delayed; the Wikimedia Foundation has said only that the redesign was a "long and complex process." The goal has been to improve the overall browsing experience through small adjustments driven by user feedback, said Selena Deckelmann, chief product officer at the Wikimedia Foundation, the nonprofit organization that runs Wikipedia. Read the complete story: Wikipedia Desktop Site Gets New Look, Its First in Over 10 Years....