Thursday, August 18, 2022

LATEST

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security

Chester attends DEF CON from afar. Zoom fixes an 0-day. An APIC leak that isn't EPIC. $10m for dobbing in Conti criminals. Cybersecurity in hospitals. Ransomware in triplicate. https://nakedsecurity.sophos.com/zoom-for-mac-patches-get-root-bug https://nakedsecurity.sophos.com/apic-epic-intel-chips-leak-secrets https://nakedsecurity.sophos.com/us-offers-reward-up-to-10-million https://pubmed.ncbi.nlm.nih.gov/31506956/ https://news.sophos.com/en-us/multiple-attackers-increase-pressure With Doug Aamoth and Paul Ducklin Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories...

Apple patches double zero-day in browser and kernel – update now!

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
The Register

Google, Apple squash exploitable browser bugs

Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation. Google has issued 11 security fixes for desktop Chrome, including one bug with an exploit already out in the wild.…

Update Chrome now to patch actively exploited zero-day

It's a good time to restart or update Chrome—if your tabs love you, they'll come back. Google announced an update on Wednesday to the Stable...
The CyberWire Podcast

Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories. Insider trading charges from 2017 Equifax breach.

A DDoS attack against a Ukrainian nuclear power provider. The US Army draws some lessons from the cyber phases of Russia's hybrid war. Vulnerabilities in Zimbra are undergoing widespread exploitation. Reports of...
Security Weekly

BSW #273 – Jess Burn

In 1995, Craig Newmark started curating a list of San Francisco arts and technology events, which he personally emailed to friends and colleagues. People were soon calling it “Craig’s List.” Most know the rest of the story. But what...
Security Weekly

ASW #208 – Tanya Janca

Let's talk about adding security tools to a CI/CD, the difference between "perfect" and "good" appsec, and my upcoming book. Segment Resources: https://community.wehackpurple.com #CyberMentoringMonday on Twitter Microsoft fixes an old bounty from 2019, rewards almost $14M on bounties in...
The Register

Software developer cracks Hyundai car encryption with Google search

Top tip: Your RSA private key should not be copied from a public code tutorial. A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle's manufacturer had secured its...

New Deep Instinct partner program targets MSSPs fighting ransomware

Cybersecurity firm Deep Instinct has rolled out a new partner program to provide its endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday.The Stratosphere program was initially announced in April, and designed as...

Universal database of device vulnerability information launched

A universal database of agentless devices currently being used on enterprise networks has been announced by DeviceTotal. The new repository allows the company's customers to identify the accurate security posture for each device in their organization, according to the...

iOS 15.6.1—Update Now Warning Issued To All iPhone Users

Apple has released iOS 15.6.1, along with a warning to update now, because it fixes two security holes already being used to attack iPhones.

Google Chrome Zero-Day Found Exploited in the Wild

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.
SecurityWeek

Apple Patches New macOS, iOS Zero-Days

Apple on Wednesday rolled out emergency patches for a pair of already exploited zero-day vulnerabilities in its flagship macOS and iOS platforms. Apple confirmed in-the-wild exploitation of the vulnerabilities in separate advisories warning about code execution flaws in fully patched...
The Register

After 7 years, long-term threat DarkTortilla crypter is still evolving

.NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says. A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to...

'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections

The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.
Security Affairs

Google fixed a new Chrome Zero-Day actively exploited in the wild

Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity...

When Countries Are Attacked: Making the Case for More Private-Public Cooperation

The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.
Unsupervised Learning Podcast

News & Analysis | NO. 344

Blackhat/DEFCON, TikTok Lockdown, MailChimp Breach… Sponsor: JupiterOne https://www.jupiterone.com/unsupervisedlearning Support the show: https://danielmiessler.com/support/
The Register

How to stop the evil lurking in the shadows

Webinar. Barely a day goes by without news of a ransomware attack somewhere in the media. These cyber security incidents can seriously derail financial, social, health and industrial activity, inflicting massive damage and requiring a...
TechRepublic

Seaborgium targets sensitive industries in several countries

The cyberespionage threat actor is aligned with Russian interests and has hit numerous organizations since 2017, aiming to steal sensitive data.

'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries

A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.

iOS VPNs have leaked traffic for more than 2 years, researcher claims

A security researcher says that Apple's iOS devices don't fully route all network traffic through VPNs, a potential security issue the device maker has known about...
Infosecurity Magazine

CISA Warns of Hackers Exploiting Multiple Vulnerabilities in the Zimbra Collaboration Suite

The advisory was compiled by CISA with the Multi-State Information Sharing & Analysis Center

China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure

The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.
IBM Security

Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High

IBM Security and the Ponemon Institute release an annual report known as one of the most significant industry benchmarks. The Cost of a Data Breach analysis examines real-world breaches in great detail, producing insights into the factors that impact the...

LEADERS

Bruce Schneier

Zoom Exploit on MacOS

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer....
Brian Krebs

When Efforts to Contain a Data Breach Backfire

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was...
Bruce Schneier

Remotely Controlling Touchscreens

This is more of a demonstration than a real-world vulnerability, but researchers can use electromagnetic interference to remotely control touchscreens. From a news article: It’s important to note that the attack has a few key limitations. Firstly, the hackers need to...
Bruce Schneier

$23 Million YouTube Royalties Scam

Scammers were able to convince YouTube that other people's music was their own. They successfully stole $23 million before they were caught. No one knows how common this scam is, and how much money total is being stolen in this...
Bruce Schneier

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security, online, on September 22, 2022. I’m...