Intellawatch

Authorities Busted Cybercrime Platform that Steal Passwords & Card Details cyber

from

GBHackers On Security

International law enforcement agencies have successfully dismantled a notorious cybercrime platform, LabHost, which facilitated criminals in conducting phishing attacks to steal sensitive information such as passwords, addresses, and card details from unsuspecting victims worldwide. LabHost’s operations have had a devastating impact on victims, with the platform enabling criminals to deceive individuals into surrendering their personal information. Police estimate that more than 40,000 fake web....

CISA, FBI, and ODNI Join Forces: Guidance Released to Secure Elections from Foreign Interference cyber

from

The Cyber Express

Acting Assistant Director Joseph Rothrock of the FBI’s Counterintelligence Division highlighted the collaborative approach in combating foreign malign influence, stating, “We are putting out this guide because our strategy in combatting this threat starts with awareness and collaboration.” ODNI Foreign Malign Influence Center Director Jessica Brandt elucidated on the evolving landscape of influence activities, characterizing them as a “whole-of-society challenge” for the Intelligence Community a....

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers cyber

from

Blog on Shielder

Typically externally controlled webviews are considered vulnerable for different reasons, which range from XSS to, in some cases, Remote Code Execution (RCE). In this specific scenario, what we believe would have the highest impact is that it enables some form of UI Spoofing. If you are looking for a trusted partner to assess the security of your products: get in touch with us!....

Lazarus Group Deploys New Hacking Arsenal in Targeted Cyberattacks cyber

from

Penetration Testing Online

Potential victims received seemingly legitimate job offers, leading them to download and execute a malicious ISO file presented as part of the interview process. This file cleverly bypassed Windows 10’s Mark-of-the-Web (MotW) security feature, showcasing the attackers’ profound understanding of modern operating systems. Continuous updates, layered security solutions, and ongoing user awareness training are essential to mitigate risks in this complex threat landscape.....

Supply Chain Cybersecurity – the importance of everyone cyber

from

The State of Security

I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. Government supply chain cybersecurity makes similar far-reaching demands, requiring contractors of the Defense Industrial Base (DIB) to be fully security-vetted before even making a bid. This video shows how we can take the first steps and start to discover supply chain vulnerabilities within our vendor relationships.....

Caught in the Crossfire: Jordan’s Cyber Defenses Tested Amid Israel-Iran Clashes cyber

from

The Cyber Express

Source: X. Jordanian authorities are dealing with reports of cyberattacks while also facing public criticism for their decision to support Israel against Iran. Many Jordanians feel betrayed by their government’s stance, resulting in significant anger and protests against the alliance with Israel. Media Disclaimer: This report is based on internal and external research obtained through various means.....

Sneaky Shellcode: Windows Fibers Offer EDR-Proof Code Execution cyber

from

Dark Reading

That's according to Daniel Jary, an independent security researcher, who laid out two new proof-of-concept (PoC) attacks using fibers in on Thursday. Fibers were initially developed at a time when CPUs had fewer cores available to them and could accommodate only so many threads. "Fiber's alternate execution method is valuable to attackers because it helps us sidestep traditional telemetry sources that we get with threads, in particular kernel callbacks," he says.....

Authorities take down LabHost, phishing-as-a-service platform cyber

from

Help Net Security

While this model is well established with ransomware groups, it has also been adopted in other aspects of cybercrime, such as phishing attacks. Labhost offered a menu of over 170 fake websites providing convincing phishing pages for its users to choose from. Platforms such as LabHost make cybercrime more easily accessible for unskilled hackers, significantly expanding the pool of threat actors.....

Le Slip Français - 1,495,127 breached accounts breach

from

Have I Been Pwned latest breaches

On disclosure to both organisations, each found that the data did not represent their entire customer base and possibly includes records from other sources with common subscribers. In approximately November 2016, the search engine optimisation management company RankWatch exposed a Mongo DB with no password publicly whereupon their data was exfiltrated and posted to an online forum. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcr....

What is Encryption in Malware? – Understand From Basics to XOR cyber

from

GBHackers On Security

Ciphertext is the encrypted data that looks like a bunch of random letters or bytes and can’t be read. Simple substitution ciphers replace plaintext characters with alternative symbols according to a key, like swapping letters for emojis, as the concept underlies all encryption. This live feature helps stop zero-day vulnerabilities and advanced malware that can get past signature-based protection.....

Phishing-as-a-Service Platform LabHost Seized by Authorities cyber

from

GBHackers On Security

Authorities have dismantled LabHost, a notorious cybercrime platform that facilitated widespread phishing attacks across the globe. Authorities have revealed that the platform was instrumental in tricking nearly half a million people into divulging their bank card details and PIN numbers. The international investigation into LabHost’s activities involved collaboration between law enforcement agencies and private sector partners, demonstrating a unified approach to combating online fraud.....

Your All-In Guide to MSP Patch Management Software in 2024 [Template Included] cyber

from

Heimdal Security Blog

ManageEngine Vulnerability Management Plus makes patching easy by bringing all the tasks into one place, perfect for organizations with different types of networks. Automox handles patch management in the cloud, covering everything from finding updates to installing them, which is great for keeping remote devices safe. Automox is built for cloud systems and does a thorough job of patching, which is crucial when so many people are working remotely.....

Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware cyber

from

Heimdal Security Blog

The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Researchers first found the vulnerability in the lighttpd module of one of Intel’s Server System devices. A very outdated third-party component present in the latest version of firmware, creating additional risk for end users.....

Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers cyber

from

Heimdal Security Blog

Researchers observed a rise in daily infection attempts leveraging an old TP-Link Archer command injection vulnerability. But the risks are too high to ignore, says Mikkel Pedersen, Cybersecurity Speaker & Community Leader: It’s an open invitation for everyone to get in and take what they want.....

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available cyber

from

Security Affairs

An attacker could exploit this vulnerability by submitting a crafted CLI command. The IT giant devices that are based on a preconfigured version of a UCS C-Series Server are also impacted by this flaw if they expose access to the IMC CLI. The company states that there are no workarounds to solve this vulnerability.....

Security Minister warns of deepfake cyber risk at Westminster summit cyber

from

Technology – Business Matters

Speaking at a security summit attended by industry leaders in Westminster on Tuesday evening, Mr Tugendhat also discussed key issues such as protecting critical national infrastructure, cyber skills, and the government’s digital skills strategy. Skills expert Dr. Adeshola Cole, CEO of Tritek Consulting, who attended the event said: “Cyber crime poses an existential threat to businesses, particularly with criminals harnessing tools like AI to launch increasingly devastating attacks. Meanwhile Tr....

Armis Acquires AI-based Vulnerability Detection Firm Silk Security cyber

from

GBHackers On Security

Armis, a leading cybersecurity company, has acquired Silk Security, an AI-powered vulnerability detection firm. Silk Security’s capabilities are set to be integrated into the Armis Centrix™ platform, marking a paradigm shift in how organizations approach risk resolution. The integrated solution has enabled organizations to close many findings, reducing overall threat debt and enhancing their security posture.....

Cannes Hospital Back to Basics: Pen and Paper Power Healthcare After Cyberattack breach

from

The Cyber Express

The hospital’s crisis unit wasted no time in implementing stringent measures, including a general cyber containment protocol that swiftly severed all computer access while ensuring telephony services remained operational. “The cyberattack is currently being analyzed in conjunction with expert partners (ANSSI, Cert Santé, Orange CyberDéfense, GHT06). Drawing from the experiences of other healthcare institutions that have faced similar challenges, CHC-SV is bracing for a protracted recovery proce....

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate cyber

from

Help Net Security

Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. These new variants offer an attractive way for newer cybercriminals to get started in the ransomware world, and alongside the advertisements for these cheap ransomware variants are numerous posts requesting advice and tutorials on how to get started. That leaves an intelligence gap for defenders, one the security community will have to fill,” s....

RansomHouse Allegedly Strikes Lopesan Hotels: 650GB Data Breach Unfolds breach

from

The Cyber Express

In the words of RansomHouse representatives, the group claims to not encrypt data and that they are ‘extortion only,’ claiming itself as a ‘force for good’ that intends to ‘shine a light’ on companies with poor security practices. They are known to recruit members on prominent underground marketplaces and utilize a Tor-based chat room for ransom negotiations. The RansomHouse group recently developed a new tool dubbed as ‘MrAgent’ that targets VMware ESXi hypervisors typically known to house valua....
