Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild.
Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.
"There are indications that CVE-2023-35674 may be under limited, targeted exploitation," the company said in its Android Security Bulletin for September 2023 without delving into additional specifics.
The update also addresses three other privilege escalation flaws in Framework, with the search giant noting that the most severe of these issues "could lead to local escalation of privilege with no additional execution privileges needed"...
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Leak News
News in the criminal world, information about leaks
Forum Prefix Filter
Sticky threads
Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL).
"The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation," Nozomi Networks said in a report published last week.
The issues, tracked as CVE-2023-34392 and from CVE-2023-31168 through CVE-2023-31175, have CVSS severity scores ranging from 4.8 to 8.8 and impact SEL-5030 acSELeratorQuickSet and SEL-5037 GridConfigurator, which are used to commission, configure, and monitor the devices.
Exploitation of CVE-2023-31171 could be achieved by sending a phishing email that tricks a victim engineer into importing a specially...
Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes.
"It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol," Morphisec said in a new detailed technical write-up shared with The Hacker News.
Chaes, which first emerged in 2020, is known to target e-commerce customers in Latin America, particularly Brazil, to steal sensitive financial information.
A subsequent analysis from Avast in early 2022 found that the threat actors behind the operation, who call themselves Lucifer, had breached more than 800 WordPress websites to...
A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware.
To that end, the U.S. Justice Department (DoJ) said the malware is "being deleted from victim computers, preventing it from doing any more harm," adding it seized more than $8.6 million in cryptocurrency in illicit profits.
The cross-border exercise involved the participation of France, Germany, Latvia, Romania, the Netherlands, the U.K., and the U.S., alongside technical assistance from cybersecurity company Zscaler.
The dismantling has been hailed as "the largest U.S.-led financial and...
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight).
The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.
"A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," VMware said earlier this week.
Summoning Team's Sina Kheirkhah, who published the PoC following an analyzing the patch by VMware, said the root cause can be traced back to a bash script...
Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld.
Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed.
"Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software, and finally ransomware payloads," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical breakdown of the activity.
"The ransomware payload of choice appears to be a newer variant of Mimic ransomware called FreeWorld."
Initial access to the victim host is achieved by brute-forcing the MS SQL server, using it to...
American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII).
Paramount said in breach notification letters signed by Nickelodeon Animation Studio EVP Brian Keane sent to affected individuals that the attackers had access to its systems between May and June 2023.
"Based on our investigation, the personal information may have included your name, date of birth, Social Security number or other government-issued identification number (such as driver's license number or passport number) and information related to your relationship with Paramount," the mass media giant told impacted people.
After discovering the incident, the...
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S.
"The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities," Trend Micro researchers Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, and Gilbert Sison said.
Active since at least 2020, Earth Estries is said to share tactical overlaps with another nation-state group tracked as FamousSparrow, which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange...
New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework.
The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month.
Microsoft's container architecture (and by extension, Windows Sandbox) uses what's called a dynamically generated image to separate the file system from each container to the host and at the same time avoid duplication of system files.
It's nothing but an "operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that...
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports.
The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web CVE-2023-36844 (& friends) targeting /webauth_operation.php endpoint," the same day a proof-of-concept (PoC) became available.
The issues, tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847, reside in the J-Web component of Junos OS on Juniper SRX and EX Series. They could be chained by an unauthenticated, network-based attacker to execute arbitrary code on susceptible installations.
Patches for the flaw were released...
Cybersecurity researchers have discovered malicious Android apps for Signal and @fbi_gov @leakbase_official_v2 distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices.
Slovakian company ESET attributed the campaign to a China-linked actor called GREF.
"Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram," security researcher Lukáš Štefanko said in a new report shared with The Hacker News.
Victims have been primarily detected in...
Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a "highly sophisticated" SIM swapping attack.
The incident, which took place on August 19, 2023, targeted the employee's T-Mobile account, the company said.
"Specifically, T-Mobile, without any authority from or contact @fbi_gov with Kroll or its employee, transferred that employee's phone number to the threat actor's phone at their request," it said in an advisory.
This enabled the unidentified actor to gain access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX, and Genesis.
SIM swapping (aka SIM splitting or simjacking), while generally a benign process...
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry.
The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf," Phylum said in a report published last week. The names of the packages, now taken down, are as follows: postgress, if-cfg, xrvrv, serd, oncecell, lazystatic, and envlogger.
It's not clear what the end goal of the campaign was, but the suspicious modules were found to harbor functionalities to capture the operating system information (i.e., Windows, Linux, macOS, or Unknown) and transmit the data to a hard-coded @fbi_gov @leakbase_official_v2...
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL.
"An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (CTU) said in a technical report published last week.
"The threat actor could then call Power Platform API via a middle-tier service and obtain elevated privileges."
Following responsible disclosure on April 5, 2023, the issue was addressed by Microsoft via an update released a day later. Secureworks has also made available an open-source tool...
Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. With the rise of remote work, people can now work from virtually anywhere: a cafe close to home, a hotel in a different city, or even while waiting for a plane at the airport. Next, let's explore the risks of connecting to public Wi-Fi, both for you personally and for businesses.
According to the Forbes Advisor the majority of people (56%) connect to public Wi-Fi networks that don't require a password. This convenience comes at a price, and many are unaware that attackers can steal card details, passwords, and other sensitive information.
Man-in-the-Middle (MITM) Attacks: This is one of the most common threats on public...
Швейцарский защищенный почтовый сервис ProtonMail в 2022 году в рамках судебных процедур предоставил данные 5 957 своих пользователей властям. За год к компании поступило 6 995 запросов от правоохранительных органов.
ProtonMail, запущенный в 2014 году, является одним из наиболее популярных безопасных почтовых сервисов в мире. Он акцентирует внимание на высокий уровень конфиденциальности и безопасности, подчеркивая преимущества своей швейцарской юрисдикции. Однако, как подчеркнуто в заявлении компании, это не гарантирует абсолютную безопасность данных.
С 2017 года ProtonMail регулярно публикует отчеты о прозрачности, в которых раскрывается статистика запросов на данные пользователей и их удовлетворения. Forbes ранее сообщал о случае...
Today Microsoft announced they're changing the way they name and label threat groups. The new naming convention now aligns with "the theme of weather"
The new names are absolutely ridiculous and we are having a difficult time taking it seriously
TA505, the group believed to be behind the Dridex Banking Trojan, Locky ransomware, and GlobeImposter ransomware, has been renamed internally at Microsoft Threat Intelligence.
The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people.
"The incident was identified in October 2022 after suspicious activity was detected on our systems," the regulator said. "It became clear that hostile actors had first accessed the systems in August 2021."
The intrusion enabled unauthorized access to the Commission's servers hosting email, control systems, and copies of the electoral registers it maintains for research purposes. The identity of the intruders are presently unknown.
The registers included the name and address of anyone in the U.K. who registered to...
Сначала главное: выключенная биометрия и общение в зашифрованных приложениях — это не пожелание, а необходимость
Включенные Face ID и Touch ID существенно упрощают взлом как для силовиков, так и для хакеров. Так что лучше выключите их.
Полезная привычка — переписываться только в тех мессенджерах, где поддерживается end-to-end шифрование (например, Session или секретные чаты @fbi_gov @leakbase_official_v2 ), а также пользоваться автоудалением сообщений раз в какое-то время.
Если вся важная информация быстро исчезнет, то и предъявлять вам будет нечего.
Стоит еще раз проверить, везде ли (где возможно) настроена двухфакторная аутентификация
С двухфакторной аутентификации начинается, кажется, любая инструкция по цифровой безопасности...
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application.
"Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer."
Malvertising refers to the use of SEO poisoning techniques to spread malware via online advertising. It typically involves hijacking a chosen set of keywords to display bogus ads on Bing and Google search results pages with the goal of...
Министерство юстиции объявило об обвинениях против гражданина России за его причастность к развертыванию многочисленных программ-вымогателей LockBit и других кибератак на компьютерные системы жертв в США, Азии, Европе и Африке.
20-летний Руслан Магомедович Астамиров (АСТАМИРОВ, Руслан Магомедовичь) из Чеченской Республики, Россия, обвиняется по жалобе, распечатанной сегодня в федеральном суде Ньюарка, в сговоре с целью совершения мошенничества с использованием электронных средств связи и сговоре с целью умышленного повреждения защищенных компьютеров и передачи требований о выкупе. Астамиров был арестован по жалобе в Аризоне, и его первое появление в округе Аризоны запланировано.
«Астамиров — третий обвиняемый, которому этот офис...
Documents from the confidential database of the ministry of labor of Ecuador.
Confidential information exposed.
POC:
Imgur: The magic of the Internet
Imgur: The magic of the Internet
Imgur: The magic of the Internet
Imgur: The magic of the Internet
Imgur: The magic of the Internet
Imgur: The magic of the Internet
imgur.com
Imgur: The magic of the Internet
Total: 1Gb information
Additional backdoor on a server, further information by @fbi_gov @leakbase_official_v2
@fbi_gov @leakbase_official_v2 : @HagoromoS4v10
В Череповце был вынесен приговор 19-летнему хакеру. Молодой человек организовал атаку на компьютеры пользователей, используя стиллер для получения паролей и дальнейшей продажи их.
Осенью 2022 года хакер разместил ролик на YouTube добавив в описание ссылку на файл содержащий вирус. Те, кто скачал файл, стали жертвами стиллера. Вирус собирал информацию о логинах, паролях, сетевых адресах пользователей и данных крипто-кошельков. Полученную информацию молодой хакер успешно продавал .
В ходе расследования подозреваемый полностью признал свою вину и сотрудничал со следствием. В результате рассмотрения дела суд вынес решение о наказание в виде 1 года лишения свободы с испытательным сроком в 1 год. Кроме того, все компьютерное оборудование...
VirusTotal Data Leak Exposes Some Registered Customers' Details
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform.
The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday.
Launched in 2004, VirusTotal is a popular service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. It was acquired by Google in 2012 and became a subsidiary of Google Cloud's Chronicle unit in 2018.
When reached for comment, Google...