#cybersecurity

tresronours@parlote.facil.services

Nemesis Market: Leading Darknet Market Seized

The infamous Nemesis Market, a leading figure in the darknet marketplace ecosystem, has been successfully seized.

This operation dismantles a major hub of illegal online trade, ranging from narcotics to stolen data, affecting thousands of users worldwide.

The Rise of Nemesis Market

Nemesis Market emerged as a dominant player in the darknet space, filling the void left by previous marketplaces that were taken down by law enforcement.


It quickly gained notoriety for its sophisticated security measures, a wide array of illicit goods, and its ability to evade the authorities.

The platform was known for trading in drugs, weapons, stolen identity data, and other illegal goods and services.

The seizure of Nemesis Market was the culmination of Operation Dark Hunt, a coordinated effort by law enforcement agencies in several countries.

The operation involved months of meticulous planning, surveillance, and collaboration between various international cybersecurity units.

Details of the operation remain classified, but sources indicate that combining cutting-edge digital forensics and traditional detective work was vital to infiltrating the market’s defenses.

The breakthrough came when investigators traced transactions to the market’s administrators, leading to their identification and arrest.

According to a recent tweet by Dark Web Informer, the Nemesis Market, one of the top five online marketplaces on the dark web, has been taken down.

Dark Web Informer (@DarkWebInformer), March 21, 2024: "🚨BREAKING🚨 Nemesis Market, a top 5 darknet market, has been seized." (https://twitter.com/DarkWebInformer/status/1770787868975210700)

The Impact on the Darknet Landscape

The takedown of Nemesis Market sends a powerful message to the darknet community: no entity is beyond the reach of the law.

This operation has significantly disrupted the supply chains of various illegal goods and services, temporarily decreasing their availability on the dark web.

However, experts warn that the void left by Nemesis Market is likely to be filled by other emerging platforms.

The dynamic nature of the darknet means that as one market falls, others rise to take its place.

Law enforcement agencies know this cycle and continuously develop new strategies to combat illegal online trade.

The Future of Cyber Law Enforcement

The successful seizure of Nemesis Market highlights the growing sophistication and international cooperation of cyber law enforcement.

Agencies are increasingly relying on advanced technology and cross-border collaborations to tackle the challenges posed by the darknet.

As the digital landscape evolves, so do the strategies of those operating within it.

The battle against illegal online marketplaces is ongoing, with both sides continuously adapting to the ever-changing environment.

The seizure of Nemesis Market is a significant milestone in the fight against darknet marketplaces.

It demonstrates the effectiveness of international law enforcement cooperation and the importance of staying ahead in the technological arms race against cybercriminals.

While challenges remain, the takedown of Nemesis Market is a testament to the global commitment to combating cybercrime and protecting citizens from the dangers of the dark web.

The post Nemesis Market: Leading Darknet Market Seized appeared first on GBHackers on Security.


waynerad@diasp.org

"Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc."

"Our key finding is that all the common synchronization primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a branch misprediction attack, turning all architecturally race-free critical regions into Speculative Race Conditions, allowing attackers to leak information from the target."

Um. What? That's crazy!

"Mutex" here means "mutual exclusion". It is a lock that allows only one concurrent thread to enter a section. "Spinlock" refers to a more primitive technique, where a thread asks "are you unlocked yet?" over and over in a loop until the lock is released and it can acquire it. In modern systems, the hardware and the operating system work together to enable threads to go to sleep and get woken up when their locks are released instead of doing the spinlock thing.

Digging into this further, the researchers say:

"Since 2018, after the discovery of Spectre and Meltdown, transient execution attacks have become an intensively studied area of research."

You know, I remember hearing about Spectre but didn't look into the details of it.

"Whenever a modern CPU implements speculative optimizations (e.g., branch prediction), it speculatively executes a sequence of instructions. The two possible outcomes for these instructions are that either they are committed and made visible to the architectural level or they are squashed due to misspeculation (e.g., misprediction) -- leading to transient execution. When the instructions are squashed, the CPU rolls back the state. Despite the rollback, some microarchitectural side effects are left and can be observed through one of the many side channels available (e.g., data cache, branch target buffer, port contention, etc.) to leak sensitive information."

"Spectre-PHT, also known as Spectre-v1, is the first known attack of this kind, targeting the pattern history table and exploiting a code pattern. The code checks for x to be in-bound before performing a double array access. For exploitation purposes, the attacker can ensure x is out-of-bound and array1_size is not present in the cache. In this scenario, instead of waiting for array1_size to be loaded from main memory to perform the comparison, the CPU speculates and starts to transiently execute the instructions beyond the comparison. If the comparison has been executed several times before with x in-bound, the CPU is prone to speculate that x is once again in-bound, hence transiently performing the out-of-bound access of array1. When the uncached array2 is accessed using the byte retrieved from the out-of-bound access of array1, the specific accessed location is loaded into the cache. The attacker can complete the 1-byte leak by testing which location of array2 can be accessed faster than the others. Its position within the buffer reveals the secret byte value. Notably, Spectre-PHT remains unmitigated in hardware. Software developers remain responsible for hardening potentially vulnerable branches with mitigations (e.g., fencing to prevent speculation), but the extent to which all the 'right' branches have been adequately hardened in large high-value codebases such as the Linux kernel remains an open question."

"Concurrency bugs are a category of bugs which affect multithreaded programs and occur due to the absence or the incorrect use of synchronization primitives. Due to their nondeterministic behavior, concurrency bugs are one of the most elusive and difficult to triage classes of bugs. Under certain conditions, concurrency bugs can also lead to memory error vulnerabilities. In modern operating systems such as the Linux kernel, one of the most common memory error vulnerabilities caused by concurrency bugs is use-after-free."

"In a use-after-free attack, the first step is generally to free a memory object. This operation invalidates all the pointers to that object, which become dangling. The second step generally involves forcing the allocator to reuse the memory slot of the freed object for the allocation of a new object. This step reinitializes the previously freed memory slot. The final step of the attack is generally to force the victim to use one of the dangling pointers, which now points to the newly allocated object. A read from or write to such a pointer to controlled data can be used to exploit the bug in a variety of ways."

"When this attack is performed in concurrency settings, the free step and the use step are executed by distinct threads sharing the underlying object. Such a concurrent use-after-free vulnerability is harder to exploit than the single-threaded use-after-free case, since exploitation depends on thread interleaving and the availability of a sufficient race window. While the community has invested significant effort in investigating traditional concurrency bugs and concurrent use-after-free -- e.g., studies demonstrating that more than 40% of the use-after-free vulnerabilities patched in Linux kernel drivers are concurrent use-after-free -- their microarchitectural properties have largely been neglected. In this paper, we study such properties and their security implications for the first time, uncovering a new class of speculative execution vulnerabilities in the process."

They go on to explain their new exploitation technique to precisely interrupt any (kernel) thread and create an architecturally unbounded use-after-free exploitation window. This works by first identifying use-after-free exploitation windows as tiny as eight instructions. Then they employ high-precision hardware timers to interrupt the victim thread at just the right time and amplify the original UAF window. After that, they rely on user interfaces to trigger an interrupt storm to interrupt the victim thread in the amplified window, which has the effect of stretching the UAF window indefinitely. Probably should mention that by "user interfaces", here they mean things like the host controller interface layer of the near field communication (NFC) driver.

Then they go on to exploit speculative race conditions, their new term for speculative execution vulnerabilities "affecting all common synchronization primitives", by which they mean mutexes, spinlocks, etc. "We can consistently trick speculative execution into acquiring a mutex and entering the guarded critical region. Since this is the case regardless of the current (architectural) state of the mutex, we can speculatively acquire a mutex already held by another thread. In other words, the mutex becomes a no-op on the speculative path, leading to a speculative race condition and opening the door to arbitrary concurrency vulnerabilities at the microarchitectural level."

The end result of all this is that they can leak memory from the Linux kernel at a rate of 12 KB/s.

I have to say, I'm amazed people exist who can pull stuff like this off.

GhostRace: Exploiting and mitigating speculative race conditions - Syssec@IBM Research

#solidstatelife #cybersecurity
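The two code shapes the quoted passages describe, as an added C example that is not code from the GhostRace paper, the Linux kernel, or the post's author: the Spectre-v1 bounds-check gadget next to a branchless index clamp modelled on the kernel's array_index_nospec(), and a test-and-set spinlock whose acquire is followed by a speculation barrier, the fencing mitigation the quoted text mentions. The function names, array sizes and array contents are assumptions; the barrier macro assumes x86-64 (lfence) and degrades to a compiler barrier elsewhere. Nothing here times the cache, so it shows the vulnerable and hardened patterns, not the leak itself.

```c
/* Added example, not code from the GhostRace paper or the Linux kernel. Assumes
 * x86-64 for lfence; array sizes and all function names are illustrative. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

#if defined(__x86_64__) || defined(__i386__)
/* lfence waits for all prior instructions to complete before anything later issues. */
#define SPECULATION_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#else
/* Assumption: other architectures need their own barrier; this is only a compiler barrier. */
#define SPECULATION_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define ARRAY1_SIZE 16
#define CACHE_LINE 512

static uint8_t array1[ARRAY1_SIZE];        /* victim data indexed by x */
static uint8_t array2[256 * CACHE_LINE];   /* probe array, one line per byte value */

/* Known contents so results are checkable: array1[i] = i + 1, array2[k * CACHE_LINE] = k. */
void setup_demo_arrays(void) {
    for (size_t i = 0; i < ARRAY1_SIZE; i++)
        array1[i] = (uint8_t)(i + 1);
    for (size_t k = 0; k < 256; k++)
        array2[k * CACHE_LINE] = (uint8_t)k;
}

/* Spectre-v1 shape from the quoted text: the bounds check is a conditional branch.
 * Architecturally correct, but on a mispredicted path the CPU reads array1[x] out
 * of bounds and uses the byte to touch one line of array2 for a later timing probe. */
uint8_t victim_vulnerable(size_t x) {
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * CACHE_LINE];
    return 0;
}

/* Branchless clamp in the style of the kernel's array_index_mask_nospec(): all ones
 * when index < size, zero otherwise, with no branch to mispredict. Assumes two's
 * complement, an arithmetic right shift of negatives (GCC/Clang), size > 0. */
static inline size_t index_mask_nospec(size_t index, size_t size) {
    intptr_t bits = (intptr_t)(index | (size - 1 - index));
    return (size_t)(~bits >> (sizeof(size_t) * 8 - 1));
}

size_t index_nospec(size_t index, size_t size) {
    return index & index_mask_nospec(index, size);
}

/* Hardened form: even when the branch is mispredicted, the masked index stays in array1. */
uint8_t victim_hardened(size_t x) {
    if (x < ARRAY1_SIZE) {
        x = index_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * CACHE_LINE];
    }
    return 0;
}

/* Initialise the arrays, then read through the chosen victim. */
uint8_t demo_read(size_t x, int hardened) {
    setup_demo_arrays();
    return hardened ? victim_hardened(x) : victim_vulnerable(x);
}

typedef struct { atomic_int locked; } spinlock_t;

/* Test-and-set spinlock. The loop exit is a conditional branch on the lock word;
 * GhostRace's point is that the CPU can predict "acquired" and transiently run
 * the critical region while another thread actually holds the lock. */
void spin_lock_unfenced(spinlock_t *l) {
    while (atomic_exchange_explicit(&l->locked, 1, memory_order_acquire))
        ;  /* spin */
}

/* Same lock with the fencing mitigation: critical-region instructions cannot
 * issue until the acquire has architecturally resolved. */
void spin_lock_fenced(spinlock_t *l) {
    while (atomic_exchange_explicit(&l->locked, 1, memory_order_acquire))
        ;  /* spin */
    SPECULATION_BARRIER();
}

void spin_unlock(spinlock_t *l) {
    atomic_store_explicit(&l->locked, 0, memory_order_release);
}

int spin_is_locked(spinlock_t *l) {
    return atomic_load_explicit(&l->locked, memory_order_relaxed) != 0;
}

/* Exercise both variants on a fresh lock; 1 if the lock word goes 0 -> 1 -> 0 each time. */
int spinlock_self_test(void) {
    spinlock_t lk = { 0 };
    int ok = 1;
    spin_lock_unfenced(&lk); ok &= spin_is_locked(&lk);
    spin_unlock(&lk);        ok &= !spin_is_locked(&lk);
    spin_lock_fenced(&lk);   ok &= spin_is_locked(&lk);
    spin_unlock(&lk);        ok &= !spin_is_locked(&lk);
    return ok;
}
```

The mask trick matters more than the fence for the bounds-check case: a fence after every bounds check is expensive, whereas the mask costs a handful of ALU instructions and works on the transient path as well as the architectural one. For the lock, the fence is the point, since no masking can express "the critical region must not start before the lock word is known".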

anonymiss@despora.de

#Microsoft #Security Breaches Rile U.S. #Government Customers

source: https://www.theinformation.com/articles/microsoft-security-breaches-rile-u-s-government-customers

Microsoft became the world’s biggest seller of cybersecurity software by bundling it with Office and Teams apps. But after a series of hacks exploited that software in the past year, several of Microsoft’s biggest customers are considering whether their reliance on Microsoft’s #software bundle puts their security at risk.

The clearest sign that Microsoft may face real consequences for its security lapses can be seen in #Washington. After the company disclosed last summer that Chinese hackers had broken into customers’ systems, including the U.S. State Department’s, the agency began to move its stored data into servers of other cloud providers such as #Amazon Web Services and #Google #Cloud, according to a technical adviser to the agency and an executive at one of the rival companies. And the agency has been discussing possible bigger cloud deals with those rivals, these people said.


#news #security #hack #hacker #exploit #cybersecurity #usa

tresronours@parlote.facil.services

150K+ Networking Devices & Apps Exposed Online With Critical Vulnerabilities

The “State of the UAE—Cybersecurity Report 2024,” a collaborative effort by the UAE Cyber Security Council and CPX Holding, has been released, mapping the United Arab Emirates (UAE) cybersecurity landscape.

The report presents a detailed examination of the cyber threats that the nation faces, highlighting the critical need for advanced cybersecurity measures.

The report has uncovered over 155,000 vulnerable assets within the UAE, with 40 percent of critical vulnerabilities left unaddressed for over five years.

This significant number of exposed assets, combined with the rise in sophisticated cyber-attacks such as ransomware, underscores the urgent need for robust cyber defenses in a region known for its AI-driven technological advancements and geopolitical importance.

Ransomware and Data Breaches: A Growing Concern

Ransomware attacks account for more than half of the cyber incidents in the UAE, with the Government, Energy, and Information Technology sectors being the prime targets.

Traditional attack vectors like Business Email Compromise (BEC) and phishing are still prevalent. They are expected to evolve with the integration of AI tools, making social engineering and phishing attempts more sophisticated.

The Middle East, including the UAE, faces the second-highest data breach costs globally, indicating the economic motivations of cyber threat actors amidst the region’s prosperity, as reported by CPX.

The increase in Distributed Denial of Service (DDoS) attacks further highlights the geopolitical complexity of cyber threats.

National Call to Action by UAE Officials

H.E. Dr. Mohamed Al Kuwaiti, Head of Cyber Security for the UAE Government, emphasized the critical need for collective vigilance and strategic action to counter these sophisticated cyber threats.

He called for an ecosystem-wide proactive engagement to reduce the nation’s vulnerability.

TECHx recently tweeted about the release of the ‘State of the UAE—Cybersecurity Report 2024’, which illuminates potential security weaknesses and the importance of a proactive approach to combating cyber threats.

TECHx (@techxmediauae), March 12, 2024: "Discover the 'State of the UAE – #Cybersecurity Report 2024' exposing vulnerabilities and emphasizing collective vigilance against #cyber threats. Read more: UAE Urged to Boost Cybersecurity Amid Growing Threats" (https://twitter.com/techxmediauae/status/1767445309360058813)

Hadi Anwar, Executive Director of Strategic Programs at CPX, pointed out the economic vulnerabilities highlighted in the report and called for a unified approach to strengthen national defenses.

He stressed the importance of adopting advanced technologies, fostering a culture of cyber awareness, and building resilience.

Strategic Guide for Cyber Resilience

The report, compiled by a consortium of cybersecurity experts, serves as a strategic guide for government entities, businesses, and individuals.

It provides actionable insights to navigate the complexities of the digital era and outlines key best practices to mitigate cyber risks:

  • Implement Endpoint Detection and Response (EDR): This is essential for identifying and mitigating threats and ensuring visibility across digital assets.

  • Establish a 24/7 Security Operation Centre (SOC): Vital for continuous surveillance and management of cyber incidents.

  • Leverage Cyber Threat Intelligence: Crucial for anticipating and neutralizing emerging threats through informed decision-making.

  • Create and Implement an Incident Response Plan: Fundamental for preparedness and swift action during cyber incidents.

  • Adopt Proactive Threat Hunting Processes: A forward-looking approach to identify and mitigate hidden threats, enhancing security posture.

As the UAE continues to lead in digital transformation, the report underscores the need for a concerted effort from all sectors to ensure the resilience and security of the nation’s digital landscape.

The post 150K+ Networking Devices & Apps Exposed Online With Critical Vulnerabilities appeared first on GBHackers on Security.


waynerad@diasp.org

"IP address X-posure now a feature on Musk's social media thing."

"X-posure", see what they did there. Musk's "social media thing" is the service formerly known as Twitter.

"Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and FYI: It may reveal your IP address to those you're nattering away to."

"For some of you, that's not a problem. You're calling people you know and trust anyway. For others, it may be a genuine privacy issue, so at least you've been warned."

This is interesting because in Jack Rhysider's Darknet Diaries, there are criminals who would do an internet voice call with another criminal, only to have them grab the IP address and use it against them later. Except I can't recall which ones off the top of my head. I think one was the guy who saved the world from the WannaCry ransomware. Someone else had grabbed his IP address years before and it came back to haunt him.

IP address X-posure now a feature on Musk's social media thing

#solidstatelife #cybersecurity

anonymiss@despora.de

Git-Rotate: Leveraging #GitHub Actions to Bypass #Microsoft Entra Smart lockout

Source: https://research.aurainfosec.io/pentest/git-rotate/

Despite advancements in #cybersecurity, #password #spraying attacks remain a prevalent and effective technique for attackers attempting to gain unauthorised access to #cloud-based infrastructure and web applications by targeting their login portals. Password spraying involves attempting a small number of common passwords against a large number of usernames. This makes it difficult for #security systems to detect and mitigate, as they often avoid common protections such as #account lockout policies by avoiding rapid or repeated login attempts for a single account. Attackers can easily obtain lists of commonly used passwords or use automated tools to generate potential passwords, increasing the likelihood of success.

#news #hack #hacker #login #attack #problem
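The detection side of the pattern described above, as an added C example that is not code from the Git-Rotate write-up, from Aura Information Security, or from Microsoft: a spray takes each account to only one or two failures, so per-account lockout never fires, and rotating the source address across GitHub Actions runners, as the title describes, keeps per-IP counters low as well. The signal that survives is the number of distinct accounts failing in one window. The log format, the thresholds, the sample records and the function names are all constructed assumptions; the result codes borrow Entra's AADSTS numbering (50126 = invalid username or password) only as a labelling convention.

```c
/* Added example, not from the Git-Rotate write-up or any Microsoft tooling.
 * Log format, thresholds, sample data and names are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_KEYS     64
#define KEY_LEN      64
#define MIN_USERS     5   /* distinct failing accounts before we call it a spray */
#define PER_USER_MAX  3   /* stays under a typical lockout threshold such as 10 */

typedef struct { char key[KEY_LEN]; int count; } counter_t;
typedef struct { counter_t items[MAX_KEYS]; int n; } table_t;

/* Increment the counter for key, inserting it if new; 0 when the table is full. */
static int bump(table_t *t, const char *key) {
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->items[i].key, key) == 0) { t->items[i].count++; return 1; }
    if (t->n == MAX_KEYS) return 0;
    snprintf(t->items[t->n].key, KEY_LEN, "%s", key);
    t->items[t->n++].count = 1;
    return 1;
}

static int max_count(const table_t *t) {
    int m = 0;
    for (int i = 0; i < t->n; i++)
        if (t->items[i].count > m) m = t->items[i].count;
    return m;
}

/* Copy the space-delimited value following name (e.g. "user=") into out; 0 if absent. */
static int field(const char *line, const char *name, char *out, size_t n) {
    const char *p = strstr(line, name);
    if (!p) return 0;
    p += strlen(name);
    size_t i = 0;
    while (*p && *p != ' ' && i + 1 < n) out[i++] = *p++;
    out[i] = '\0';
    return 1;
}

typedef struct {
    int failures, distinct_users, distinct_ips, max_failures_per_user;
    int spray_suspected;   /* many accounts, few failures each */
    int ip_rotation;       /* nearly every failure from a different address */
} spray_report_t;

/* Lockout only sees per-account failures; a spray keeps each of those low while
 * the count of distinct targeted accounts climbs. Per-IP throttles are defeated
 * the same way when each attempt comes from a fresh runner address. */
spray_report_t analyze_signins(const char *const *lines, int n) {
    table_t users = {0}, ips = {0};
    spray_report_t r = {0};
    char user[KEY_LEN], ip[KEY_LEN], result[16];
    for (int i = 0; i < n; i++) {
        if (!field(lines[i], "result=", result, sizeof result)) continue;
        if (strcmp(result, "0") == 0) continue;                /* successful sign-in */
        if (!field(lines[i], "user=", user, sizeof user)) continue;
        if (!field(lines[i], "ip=", ip, sizeof ip)) continue;
        r.failures++;
        bump(&users, user);
        bump(&ips, ip);
    }
    r.distinct_users = users.n;
    r.distinct_ips = ips.n;
    r.max_failures_per_user = max_count(&users);
    r.spray_suspected = r.distinct_users >= MIN_USERS && r.max_failures_per_user <= PER_USER_MAX;
    r.ip_rotation = r.failures > 0 && r.distinct_ips * 2 >= r.failures;
    return r;
}

/* Constructed sample: one password against eight accounts, each from a new address. */
const char *const SPRAY_LOG[] = {
    "2024-03-20T09:00:01Z user=alice@example.com ip=192.0.2.10 result=50126",
    "2024-03-20T09:00:03Z user=bob@example.com ip=192.0.2.11 result=50126",
    "2024-03-20T09:00:05Z user=carol@example.com ip=192.0.2.12 result=50126",
    "2024-03-20T09:00:07Z user=dan@example.com ip=192.0.2.13 result=50126",
    "2024-03-20T09:00:09Z user=erin@example.com ip=192.0.2.14 result=50126",
    "2024-03-20T09:00:11Z user=frank@example.com ip=192.0.2.15 result=50126",
    "2024-03-20T09:00:13Z user=grace@example.com ip=192.0.2.16 result=50126",
    "2024-03-20T09:00:15Z user=heidi@example.com ip=192.0.2.17 result=50126",
    "2024-03-20T09:00:20Z user=carol@example.com ip=203.0.113.5 result=0",
};
const int SPRAY_LOG_LEN = (int)(sizeof SPRAY_LOG / sizeof SPRAY_LOG[0]);

/* Constructed sample: one account hammered from one address, which lockout
 * already handles and the spray rule should not flag. */
const char *const BRUTE_LOG[] = {
    "2024-03-20T10:00:01Z user=dave@example.com ip=198.51.100.7 result=50126",
    "2024-03-20T10:00:02Z user=dave@example.com ip=198.51.100.7 result=50126",
    "2024-03-20T10:00:03Z user=dave@example.com ip=198.51.100.7 result=50126",
    "2024-03-20T10:00:04Z user=dave@example.com ip=198.51.100.7 result=50126",
};
const int BRUTE_LOG_LEN = (int)(sizeof BRUTE_LOG / sizeof BRUTE_LOG[0]);
```

In production the same grouping is done per tenant over a sliding window, and the distinct-account count is the field to alert on; keying the rule on source IP or on per-account failure counts is exactly what the rotation defeats.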

tresronours@parlote.facil.services

CyberGate RAT Mimic as Dorks to Attack Cybersecurity Professionals

Threat actors target a niche group of internet users, security researchers, penetration testers, and even cybercriminals.

The weapon of choice is malicious software known as CyberGate Remote Access Trojan (RAT), which has been lurking in the cyber realm for several years.

The latest twist in its deployment involves a cunning disguise, where the RAT is being distributed under the guise of a URL to a seemingly harmless Dork converter tool.

Understanding “Dorks” in Cybersecurity

For the uninitiated, “Dorks” are not the awkward characters from a high school drama but rather specialized search queries.


These queries are instrumental for cybersecurity professionals and ethical hackers in uncovering vulnerable websites, sensitive data leaks, and hidden malware.

While Dorks serve as a force for good in the hands of defenders, enabling them to patch up security holes and protect data, they can also be wielded by malicious actors to exploit the same vulnerabilities.

Symantec’s Multi-Layered Defense Against CyberGate

Broadcom’s Symantec has published protection details for this campaign, reporting that the CyberGate RAT has been observed masquerading as a Dork tool.

CyberGate is a remote access Trojan that gives an attacker remote control of an infected system.

Symantec’s products detect the RAT with a multi-layered set of signatures:

  • Adaptive-based: ACM.Ps-RgPst!g1

  • Behavior-based: SONAR.Dropper

  • File-based: W32.Spyrat

  • Machine Learning-based: Heur.AdvML.B!100

Threat Intelligence recently reported on Twitter that the CyberGate Remote Access Trojan (RAT) is disguised as a Dork tool, potentially allowing attackers to gain unauthorized access to targeted systems.

Tweet from Threat Intelligence (@threatintel), March 11, 2024: “#ThreatProtection CyberGate RAT caught masquerading as a Dork tool, read more: https://t.co/kRBOgSCjaP #Cybersecurity #Cybercrime” (https://twitter.com/threatintel/status/1767105273494458551)

Layered detection (adaptive, behaviour-based, file-based and machine-learning) matters for a lure like this one, because the victim downloads and runs the “tool” deliberately, so a single file signature is not enough on its own.

As long as CyberGate keeps mimicking legitimate tooling to get onto the systems of the very people who analyse malware, awareness of the lure and layered endpoint protection such as Symantec’s are both needed.


Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

The post CyberGate RAT Mimic as Dorks to Attack Cybersecurity Professionals appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability

A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer.

This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems.

Understanding the Vulnerability (CVE-2024-1403)

The vulnerability arises when the OpenEdge Authentication Gateway (OEAG) or the AdminServer is configured with an OpenEdge Domain that utilizes the OS local authentication provider.


This configuration can lead to unauthorized access during login attempts due to a flaw in the authentication routines.

Specifically, the vulnerability allows authentication success to be incorrectly returned from an OE local domain under certain conditions, such as when unexpected content is present in the credentials passed during the login process.

Affected versions are OpenEdge Release 11.7.18 and earlier, OpenEdge 12.2.13 and earlier, and OpenEdge 12.8.0.

Progress has addressed the issue in OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.

Impact and Affected Components

The vulnerability has a broad impact, potentially affecting various components of the OpenEdge platform, including:

  • OpenEdge Database access through OEAG

  • AdminServer logins via OpenEdge Explorer (OEE) and OpenEdge Management (OEM)

  • Database Servers accepting OEAG-generated tokens

  • Secure Token Service Utilities

  • Pro2 web application utility for Pro2 management

Ptrace Security GmbH recently tweeted about CVE-2024-1403, which affects Progress OpenEdge software.

The vulnerability allows for authentication bypass, potentially putting sensitive information at risk.

Tweet from Ptrace Security GmbH (@ptracesecurity), March 8, 2024: “CVE-2024-1403 Progress OpenEdge Authentication Bypass https://t.co/unaXvH5iIV #Pentesting #CyberSecurity #Infosec” (https://twitter.com/ptracesecurity/status/1766048766702809288)

Mitigation and Upgrade Instructions


For users running vulnerable versions of OpenEdge, upgrading to the fixed versions is crucial:

  • OpenEdge Release 11.7.18 and earlier: upgrade to OpenEdge LTS Update 11.7.19

  • OpenEdge Release 12.2.13 and earlier: upgrade to OpenEdge LTS Update 12.2.14

  • OpenEdge Release 12.8.0: upgrade to OpenEdge LTS Update 12.8.1

For those unable to upgrade immediately, temporary mitigations are available: library replacement and domain replacement for the OEAG, and, for the AdminServer, restricting access with AdminServer Group controls or disabling the AdminService.
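As an added example (not code from Progress or from the post), the following Python snippet turns the version rows above into an inventory check. It reads the advisory strictly: only the 11.7, 12.2 and 12.8 branches are assessed, and any other branch is reported as not covered rather than assumed safe. Hostnames and versions in the demo inventory are constructed.

```python
import re

# The three advisory rows quoted above: (branch, last vulnerable, first fixed).
# Branches not listed here (for example 12.3 to 12.7) are reported as
# "not covered" rather than guessed at.
ADVISORY_ROWS = [
    ((11, 7), (11, 7, 18), (11, 7, 19)),
    ((12, 2), (12, 2, 13), (12, 2, 14)),
    ((12, 8), (12, 8, 0), (12, 8, 1)),
]


def parse_version(text):
    """'12.2.13' -> (12, 2, 13); rejects anything that is not three integers."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised OpenEdge version: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return (status, upgrade_target). status is 'vulnerable', 'fixed' or 'not covered'."""
    v = parse_version(version_text)
    for branch, last_vulnerable, first_fixed in ADVISORY_ROWS:
        if v[:2] == branch:
            if v <= last_vulnerable:  # tuple comparison handles '11.7.9' < '11.7.18' correctly
                return "vulnerable", ".".join(map(str, first_fixed))
            return "fixed", None
    return "not covered", None


def hosts_needing_attention(inventory):
    """inventory: {hostname: version string}. Returns every host that is
    vulnerable or on a branch the advisory does not cover."""
    result = {}
    for host, version in inventory.items():
        status, target = assess(version)
        if status != "fixed":
            result[host] = (status, target)
    return result


# Constructed inventory for the demo (hostnames and versions are made up)
DEMO_INVENTORY = {
    "oeag-prod-1": "12.2.13",
    "oeag-prod-2": "12.2.14",
    "adminsrv-legacy": "11.7.18",
    "dev-box": "12.8.0",
    "qa-box": "12.5.0",
}

if __name__ == "__main__":
    for host, (status, target) in hosts_needing_attention(DEMO_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```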

The release of the PoC exploit for CVE-2024-1403 underscores the importance of maintaining up-to-date security measures in software systems.

OpenEdge users are urged to review their systems, apply the necessary updates or mitigations, and remain vigilant against potential unauthorized access attempts.



The post PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

waynerad@diasp.org

Hacking computers through AI models. Possible because "Models are code." Who knew? AI models are Turing complete and can execute arbitrary code? Including malicious code deployed by hackers?

"At the heart of any Artificial Intelligence system lies a machine learning model -- the result of vast computation across a given dataset, which has been trained, tweaked, and tuned to perform a specific task or put to a more general application. Before a model can be deployed in a product or used as part of a service, it must be serialized (saved) to disk in what is referred to as a serialization format."

"If you've been following our research, you'll know that models are code, and several of the most widely used serialization formats allow for arbitrary code execution in some way, shape, or form and are being actively exploited in the wild."

"The biggest perpetrator for this is Pickle, which, despite being one of the most vulnerable serialization formats, is the most widely used. Pickle underpins the PyTorch library and is the most prevalent serialization format on Hugging Face as of last year. However, to mitigate the supply chain risk posed by vulnerable serialization formats, the Hugging Face team set to work on developing a new serialization format, one that would be built from the ground up with security in mind so that it could not be used to execute malicious code -- which they called Safetensors."

There are previous posts on the site where they show other formats are vulnerable, such as TensorFlow/Keras's HDF5 (which stands for Hierarchical Data Format version 5). HDF5 allows for "lambda" layers that allow calling of any arbitrary function as the "lambda" function, which in turn allows for arbitrary code execution and running malicious code. But here the focus is PyTorch's Pickle system.

"Safetensors does what it says on the tin, and, to the best of our knowledge, allows for safe deserialization of machine learning models largely due to it storing only model weights/biases and no executable code or computational primitives. To help pivot the Hugging Face userbase to this safer alternative, the company created a conversion service to convert any PyTorch model contained within a repository into a Safetensors alternative via a pull request. The code (convert.py) for the conversion service is sourced directly from the Safetensors projects and runs via Hugging Face Spaces, a cloud compute offering for running Python code in the browser.

"In this Space, a Gradio application is bundled alongside convert.py, providing a web interface where the end user can specify a repository for conversion. The application only permits PyTorch binaries to be targeted for conversion and requires a filename of pytorch_model.bin to be present within the repository to initiate the process."

They go on to describe how it dawned on them that, "Could someone hijack the hosted conversion service using the very thing that it was designed to convert?"

"Since we knew that the bot was creating pull requests from within the same sandbox that the convert code runs in, we also knew that the credentials for the bot would more than likely be inside the sandbox, too."

"Looking through the code, we saw that they were set as environmental variables and could be accessed using os.environ.get('HF_TOKEN'). While we now had access to the token, we still needed a method to exfiltrate it."

#solidstatelife #ai #cybersecurity

https://hiddenlayer.com/research/silent-sabotage/
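The post quotes HiddenLayer on why Pickle is dangerous. As an added example that is neither HiddenLayer's nor Hugging Face's code, here is a minimal malicious pickle, a static scan that lists which importable names a pickle references without loading it, and a restricted Unpickler that refuses anything outside an allow-list. The payload calls builtins.eval on harmless arithmetic; real payloads substitute os.system or similar. The allow-list contents are an illustrative assumption.

```python
import io
import pickle
import pickletools


class MaliciousModel:
    """Constructed payload: __reduce__ tells the unpickler which callable to
    invoke while loading. eval("7*6") is harmless here; os.system would not be."""

    def __reduce__(self):
        return (eval, ("7*6",))


def build_payload(protocol=pickle.DEFAULT_PROTOCOL):
    return pickle.dumps(MaliciousModel(), protocol=protocol)


def benign_payload():
    # What a weights file should look like: plain data, no callables.
    return pickle.dumps({"layer.weight": [0.1, 0.2]}, protocol=4)


def unsafe_loads(data):
    # What pickle.load (and anything built on it) does by default: runs every REDUCE call.
    return pickle.loads(data)


def referenced_globals(data):
    """Static scan: every module.name the pickle would import, without executing it.
    Resolves GLOBAL (protocol <= 3) and STACK_GLOBAL (protocol >= 4) opcodes."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # STACK_GLOBAL consumes the two most recent string constants
            found.append(f"{strings[-2]}.{strings[-1]}")
        elif isinstance(arg, str):
            strings.append(arg)
    return found


# Illustrative allow-list (assumption): plain containers only, nothing with side effects.
SAFE_GLOBALS = {("builtins", "set"), ("builtins", "frozenset"), ("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_blocked(data):
    """True if the restricted unpickler refuses the data."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    payload = build_payload()
    print("scan:", referenced_globals(payload))                # ['builtins.eval']
    print("pickle.loads ran code, returned:", unsafe_loads(payload))   # 42
    print("restricted unpickler blocked it:", is_blocked(payload))    # True
    print("benign weights load fine:", safe_loads(benign_payload()))
```

The scan is the cheap gate for a conversion service like the one described: a PyTorch checkpoint that references anything beyond tensor and container types deserves rejection before any load is attempted. The restricted unpickler is the second gate, for when loading is unavoidable; Safetensors removes the problem entirely by having no opcodes to execute.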

tresronours@parlote.facil.services

PetSmart warns of Active Password Cracking Attacks

PetSmart, Inc. is a renowned retail chain operating in the United States, Canada, and Puerto Rico.

It offers a comprehensive range of pet products and services such as pet supplies, grooming, training, and in-store adoptions.

PetSmart prides itself on being a trusted partner to pet parents and a dedicated advocate for pets’ well-being.

PetSmart has issued a warning regarding an uptick in password-guessing attempts on their website.

The pet retail giant reassures that there has been no breach of their systems, but the increased activity has prompted them to take precautionary measures.

Security Measures in Place

PetSmart’s vigilant security tools detected the unusual activity, which led to the company’s decision to deactivate the passwords of potentially affected accounts.


Customers will need to reset their passwords the next time they attempt to log in to petsmart.com.

The company has provided straightforward instructions for password reset: users can click the “forgot password” link on the login page or navigate directly to www.petsmart.com/account/ to initiate the process.

A Call for Stronger Password Hygiene

The PetSmart Data Security Team emphasizes the importance of robust password practices in the face of persistent threats from online fraudsters.

These malicious actors are known to obtain usernames and passwords and test them across various platforms, including those like PetSmart’s.

Dark Web Informer also relayed the notice on Twitter, reposting the email PetSmart sent to its customers.

Tweet from Dark Web Informer (@DarkWebInformer), March 6, 2024: “.@PetSmart sent out the following email. #Ransomware #DarkWebInformer #Cybersecurity #Cyberattack #Cybercrime #PetSmart” (https://twitter.com/DarkWebInformer/status/1765476096760262942)

To combat this, the retailer advises customers to create strong, unique passwords for their accounts and to update them several times a year.

The use of different passwords for separate important accounts is also strongly recommended.

Understanding the inconvenience this may cause to their patrons, PetSmart extends its customer service support for any questions or concerns arising from this issue.

Customers can reach out via email at customercare@petsmart.com.

Maintaining Vigilance

PetSmart’s prompt response to the detected password-cracking attempts is part of its ongoing commitment to customer data security.

The company’s efforts to communicate with its customers about the potential risks and the steps being taken to mitigate them reflect an industry-wide push towards greater transparency and proactive security measures in the digital age.



The post PetSmart warns of Active Password Cracking Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

anonymiss@despora.de

A leaky #database spilled #2FA codes for the world’s tech giants

source: https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/

A #technology company that routes millions of #SMS text messages across the world has secured an exposed database that was spilling one-time #security codes that may have granted users’ #access to their #Facebook, #Google and #TikTok accounts.

#news #fail #cybersecurity #problem #economy #internet #account #login #authentication #mobile #software

simona@pod.geraspora.de

The film Hacked shows what can happen when our homes are controlled via #IoT 😱

One central question remains unanswered, though: how can anyone be dumb enough to install a #Webcam in the bathroom? I can't think of a single scenario where that would make sense.

Link to the film: https://www.youtube.com/watch?v=WTn5ow9l5UM

The fact that the hacker stores everything unencrypted offline on USB sticks rather than encrypted in the cloud also seems more like something that sprang from an uninformed screenwriter's mind.

#film #hack #hacker #Erpressung #sicherheit #CyberSecurity #cybercrime #entertainment

waynerad@diasp.org

A former CIA officer has been sentenced to 40 years in prison for leaking classified hacking tools to Wikileaks.

"On March 7, 2017, WikiLeaks began publishing classified data from the Stolen CIA Files. Between March and November 2017, there were a total of 26 disclosures of classified data from the Stolen CIA Files that WikiLeaks denominated as Vault 7 and Vault 8 (the 'WikiLeaks Disclosures'). The WikiLeaks Disclosures were one of the largest unauthorized disclosures of classified information in the history of the US, and Joshua Adam Schulte's theft and disclosure immediately and profoundly damaged the CIA's ability to collect foreign intelligence against America's adversaries; placed CIA personnel, programs, and assets directly at risk; and cost the CIA hundreds of millions of dollars."

Joshua Schulte: Former CIA hacker sentenced to 40 years in prison

#solidstatelife #cybersecurity

waynerad@diasp.org

A social network called Spoutible, that I had never heard of but that was apparently trying to woo users leaving the service formerly known as Twitter, had an insecure API that allowed anybody to obtain email, IP address, phone number, bcrypt hashed password, 2FA secret, backup code, and the code that can be immediately used to reset the password, for all users on the site. D'oh!

At least the passwords were bcrypt encrypted, but too simple passwords can still be cracked. The 2FA backup codes were 6-digit numbers encrypted with bcrypt, but because they were only 6-digit numbers, they can be cracked in about 3 minutes.

#solidstatelife #cybersecurity

https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/
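As an added example, not taken from the post or from Troy Hunt's write-up: the script below shows why a 6-digit backup code is recoverable from its bcrypt hash and what the fix looks like. It uses PBKDF2 from the standard library as a stand-in for bcrypt (the reasoning is identical for any slow hash), exhausts a short numeric keyspace against one hash, measures the guess rate on the local machine to project the 10**6 case, and generates backup codes from a keyspace that is not exhaustible. The salt, iteration count and code alphabet are constructed choices.

```python
import hashlib
import hmac
import math
import secrets
import string
import time

# Stand-in for bcrypt (stdlib only): PBKDF2-HMAC-SHA256 with a low iteration count.
# Any slow hash multiplies the attacker's cost per guess; none of them shrinks
# a 10**6 keyspace.
DEMO_SALT = b"constructed-demo-salt"  # constructed; real systems use a random per-record salt
DEMO_ITERATIONS = 100


def hash_code(code, salt=DEMO_SALT, iterations=DEMO_ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, iterations)


def crack_numeric_code(digest, digits, salt=DEMO_SALT, iterations=DEMO_ITERATIONS):
    """Exhaust every zero-padded numeric code of the given length against one hash."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(hash_code(guess, salt, iterations), digest):
            return guess
    return None


def measure_guess_rate(samples=200):
    """Guesses per second for the stand-in hash on this machine."""
    start = time.perf_counter()
    for n in range(samples):
        hash_code(f"{n:06d}")
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return keyspace / guesses_per_second


def keyspace_bits(alphabet_size, length):
    return length * math.log2(alphabet_size)


# Constructed alphabet choice: 10 characters from lowercase + digits is about
# 51.7 bits, versus about 19.9 bits for six decimal digits.
BACKUP_ALPHABET = string.ascii_lowercase + string.digits


def generate_backup_code(length=10):
    """Backup code from a CSPRNG; store only its hash and invalidate on use."""
    return "".join(secrets.choice(BACKUP_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    target = hash_code("0427")
    print("4-digit code recovered:", crack_numeric_code(target, digits=4))
    rate = measure_guess_rate()
    print(f"~{rate:.0f} guesses/s here; 6 digits exhaust in {seconds_to_exhaust(10**6, rate):.0f} s worst case")
    print("6-digit numeric:", round(keyspace_bits(10, 6), 1), "bits;",
          "10-char alphanumeric:", round(keyspace_bits(36, 10), 1), "bits; sample:", generate_backup_code())
```

The hash's cost factor multiplies the attacker's work per guess, while the secret's entropy sets the number of guesses, so a 20-bit secret loses at any cost factor. Backup codes should be long random strings, stored hashed, and invalidated on use.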