ISC StormCast for Thursday, June 1st, 2023
Apache NiFi Attacks https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900 Gigabyte App Center Backdoor; https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/ Salesforce
.ZIP domains, AI lies, and did social media inflame a riot?
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?All this and much much more is...
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites...
Career Ladders In Information Security – Marc French – BSW Vault
Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020. Marc French has more than 25 years of technology experience in engineering, operations, product management,...
Career Ladders In Information Security – Marc French – BSW Vault
Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020. Marc French has more than 25 years of technology experience in engineering, operations, product management,...
ISC StormCast for Wednesday, May 31st, 2023
Malspam Pushes ModiLoader Infection for Remocs Rat https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896 MacOS SIP
SN 925: Brave's Brilliant Off the Record Request – .ZIP TLD, Bitwarden Passkey support, PyPi
Picture of the Week.
HP = "Huge Pile"
The ".ZIP" TLD — What could possibly go wrong?
PyPI gets more serious about security AND privacy.
"No logs saved anywhere"???
Twitter in the EU?
Bitwarden's support for Passkeys.
A...
Risky Business #708 – China's lolbin-powered adventures in US critical infrastructure
On this week’s show Patrick Gray and Adam Boileau discuss the...
Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.
New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. The latest on Volt Typhoon. DDoS hits government sites in Senegal. The Pentagon's cyber strategy incorporates lessons from...
ISC StormCast for Tuesday, May 30th, 2023
Analyzing Office Documents Embedded Inside PowerPoint Files https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894 DocuSign Themed
Meta’s $1.3 Billion Fine, AI Hoax Hysteria, Montana’s TikTok Ban
In this episode, we discuss Meta’s record-breaking $1.3 billion fine by the EU for unlawfully transferring user data, shedding light on the increasing risks faced by tech companies in violating privacy rules.
Highly realistic images of a Pentagon explosion went...
Episode 377 – The world is changing too fast for humans to understand
Josh and Kurt talk about PyPI suspending new accounts and packages for a day, and a 60 minutes story about deepfakes. The problems are mostly the same, but for very different reasons. The world is changing faster than we...
Weekly Update 349
Presently sponsored by: Kolide can get your cross-platform fleet to 100% compliance. It's Zero Trust for Okta. Want to see for yourself? Book a demo.This week's update is dominated by my experience with "Lena", the scammer from Gumtree who...
Bsides Seattle and Austin, SecureBoot patch, and more
BrakeSec Show Outline – No Guest Show Topic Summary (less than 300 words) Bsides Seattle and Bsides Austin ...
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China’s battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion...
SWN #301 – Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou , Aaran Leyland, and More
Ferret Legging, Elon's Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou (and that's not just the Molly talking), Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on...
7MS #573: Securing Your Mental Health – Part 4
Today we're talking about reducing anxiety by hacking your mental health with these tips:
Using personal automation to text people important reminders
Using Remind to create a personal communication "class" with your family members
Using Smartsheet (not a sponsor) to create daily...
Shadow Warrior with Ric Prado
In the covert world of intelligence and espionage, where shadows merge with reality, there exists a select group of individuals who operate on the razor's edge between life and death. Among them is a man named Ric Prado, AKA...
ISC StormCast for Friday, May 26th, 2023
IR Case/Alert Management https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880 Exploit for CVE-2023-2825 GitLab Vulnerability https://github.com/Occamsec/CVE-2023-2825
ESW #319 – Amitai Ratzon, Steve Ragan, Deepika Chauhan, Thomas Kinsella, Jon Check
On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip...
Ukraine war blurs lines between cyber-crims and state-sponsored attackers
This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
