Cybersecurity Flow

Azov 勒索软件家族最早出现在2022年10月中旬，是一款感染型勒索病毒。

00:00 – PreShow Banter™ — Woke Up Like This03:20 – BHIS – Talkin’ Bout [infosec] News 2023-01-3005:04 – Story # 1: GoTo says hackers stole customers’ backups and encryption keyhttps://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/09:48 […]
The post Talkin’ About Infosec News – 2/3/2023 appeared first on Black Hills Information Security.

Patching AmsiOpenSession by forcing an error branching

Keep it secret, keep it safe

Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit

影响厂商:Internet Bug Bounty 奖励: 危险等级:medium

Patching AmsiOpenSession by forcing an error branching

Article Link: Microsoft Edge security advisory (AV23-067) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic

This blog post is the second in a series related to machine learning, and demonstrates exactly how a data poisoning attack might work to insert a backdoor into a facial authentication system. The simplified system has similarities to that which the TSA is running a proof of concept trial at the Detroit and Atlanta airports. As background, … Continue reading Machine Learning 102: Attacking Facial Authentication with Poisoned Data →

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
[GitHub]Responsive FileManager v.9.9.5 vulnerable to CVE-2022–46604.

Cyber attacks can undermine space-based capabilities, Gen. Chance Saltzman said.
Article Link: To Protect Satellites, Secure Your Networks, Chief of Space Ops Says - Nextgov
1 post - 1 participant
Read full topic

Article Link: Sonatype's 2022: A Year-End Recap
1 post - 1 participant
Read full topic

Article Link: Walking the Process Environment Block (PEB) - How-To Discover In-Memory Libraries - YouTube
1 post - 1 participant
Read full topic

Article Link: Atlassian security advisory (AV23-062) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic

A former employee of the technology company Ubiquiti pleaded guilty on Thursday in a Manhattan federal courtroom on charges related to perpetrating an audacious insider attack on his employer, in which he accessed a trove of confidential data before demanding a ransom.
Nickolas Sharp, 37, was a senior software engineer at the New York-based company, which specializes in wireless communications. In his role, he was responsible for cloud infrastructure security, as well as software development.
According to the federal indictment, in late 2020 Sharp began abusing his administrative access and downloaded gigabytes of confidential data from the company’s Amazon Web Services and GitHub servers.
“Nickolas Sharp’s company entrusted him with confidential information that he exploited and held for ransom,” U.S. Attorney Damian Williams said Thursday in a statement announcing the guilty plea.
Sharp’s plan also had a disinformation angle. As Williams noted, “Adding insult to injury, when Sharp wasn’t given his ransom de

Welcome to this week’s edition of the Threat Source newsletter.
If you haven’t noticed yet we’ve had a few guest writers on this newsletter over the last few months. Alas my time covering the newsletter has ended and I leave you with one final edition. Have no fear, William Largent will be rounding out the guest appearances next week and your long-time host Jon Munshaw will be back at the helm. Thanks for sticking with us this long and if you’re newly subscribed welcome!
The one big thing
Next week will be our final installment of our 2022 Year in Review report coverage. We’ll be publishing a final topic summary on Ransomware and Commodity Loaders and follow up these reports with a livestream on LinkedIn and Twitter with report and subject matter experts.
Why do I care?
We published our full 2022 Year in Review early December. If you haven’t read it yet we highly suggest your download your copy here or check out our previous livestreams. Through these reports and videos we’ve broken down the threat landscape 

The North Korean military’s notorious hacking arm – known as the Lazarus Group – has been accused of targeting public and private sector research organizations, an Indian medical research company and other businesses in the energy sector.
Security analysts at WithSecure said they were called on to respond to a cyberattack that they initially tied to the BianLian group — a ransomware gang that has targeted the health care, education, insurance and media industries since at least December 2021. But on closer examination, they assessed that several key factors pointed to Lazarus.
“One of the victims was in the health care research vertical within India. In recent years the Indian research and technology sector has been a common target of those North Korean threat groups with a focus on intelligence collection,” the researchers said.
“Other victims of this campaign identified by WithSecure included health care research, a manufacturer of technology used in energy, research, defense, and health care verticals, as 

Applications may soon become more secure as code written by artificial intelligence (AI) platforms finds its way onto next-generation secure processors. Matt Jarvis, director of developer relations for Snyk, told attendees at the CloudNative SecurityCon North America conference today that AI platforms used to write code will not use the same high-level programming languages that..
The post AI, Processor Advances Will Improve Application Security appeared first on Security Boulevard.
Article Link: AI, Processor Advances Will Improve Application Security - Security Boulevard
1 post - 1 participant
Read full topic

I don’t get nearly as much opportunity to play with packets these days as I did in the first 5-10 years I was a handler and I miss it. I was looking back through some of my old diaries and realized that in the years since I wrote some of them, we have at least a generation of folks who have entered the field. So I thought that on (the day after) Groundhog Day, it might be time to point folks back to some stuff I wrote earlier. Note, some of the tools have changed/evolved, so ethereal is now wireshark and instead of hping3 I would probably use scapy, but here are 2 of my favorite diaries from the past. Check them out, [1] is from 2006 and [2] is from 2009.
Article Link: https://isc.sans.edu/diary/rss/29504
1 post - 1 participant
Read full topic

Article Link: https://isc.sans.edu/diary/rss/29506
1 post - 1 participant
Read full topic

Cyber criminals are trying a new method to help ensure phishing attacks are successful - here’s what to watch out for.
Article Link: Hackers are using this new trick to deliver their phishing attacks | ZDNET
1 post - 1 participant
Read full topic

We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused legitimate test framework Easyclick to write a Javascript-based automation script for functions such as clicks and gestures.
Article Link: TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
1 post - 1 participant
Read full topic

The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack,” which comes amid a wave of hacks targeting German-speaking institutions.
The university’s website is currently inaccessible, but the phone line to the press office is working. In a statement sent to The Record, a spokesperson described the incident as “part of a current accumulation of attacks on educational and health institutions.”
Explaining this accumulation, they cited “several attacks” that “have been carried out on universities in German-speaking countries in recent weeks, resulting in suspension of their IT services for extended periods of time. The attacks are usually carried out by compromising several individual accounts and systems.”
The identity of the attackers and nature of the attack was not disclosed. The university said it was conducted by perpetrators “acting in a very professional manner.”
Last month the Vice Society ransomware group claimed responsibility for a Nov

The 2022 competition comprised the following three categories: Making Europe safer; Caring for the community; On the road. In the ‘Making Europe safer’ category, photographer Pedro Manuel Reis Valongo of the Polícia de Segurança Pública submitted the winning photo of a Portuguese police officer on patrol in a railway station. The officer stands on the platform as the trains pass…
Article Link: Capture22 photo competition: celebrating hard work and dedication | Europol
1 post - 1 participant
Read full topic

The cybersecurity controls used to manage an organization’s cybersecurity program in previous years will not work against bad actors targeting networks today. Organizations rely more on cloud computing technology, connecting their sensitive data to more third party networks and in turn expanding their attack surface.
Article Link: https://www.bitsight.com/blog/cybersecurity-controls-types
1 post - 1 participant
Read full topic

The demand for zero trust architectures has long been well understood. However, while the “why” is clear, it’s the “how” that’s far less straightforward. As they pursue a move to zero trust, many teams struggle with devising the specific tools, tactics, and approaches that are optimally aligned with their organizations. Read on to learn more about vital new resources that offer much-needed guidance for teams looking to adopt zero trust in their organizations.
Introduction: The Pressing Demands for Zero Trust
The need for zero trust architectures continues to get more pressing as the notion of a defensible security perimeter becomes an increasingly distant memory. Particularly since the advent of the pandemic, the reality is that sensitive enterprise data can be anywhere.
Consequently, the legacy focus on trying to keep the bad actors “out” is now a non-starter. Zero trust architectures represent a key imperative, an approach that’s truly aligned with current realities.
Introducing the Zero Trust Architecture 

Article Link: Meet an Open Source Developer - Theresa Mammarella
1 post - 1 participant
Read full topic

The Republican chairmen of two U.S. House committees want more information from the Department of Energy about reported Russian hacking activity against three national laboratories last year.
The lawmakers — James Comer of Kentucky and Frank Lucas of Oklahoma — cited a recent Reuters report about a group known as Cold River targeting the Brookhaven, Argonne and Lawrence Livermore labs in August and September.
“Although it is unclear whether the attempted intrusions were successful, it is alarming that a hostile foreign adversary targeted government labs working on scientific research critical to the national security and competitiveness of the United States,” wrote Oversight Chairman Comer and Science Chairman Lucas in a letter to Energy Secretary Jennifer Granholm.
The hacking campaign reportedly used fake login pages to attempt to collect credentials from nuclear scientists. All three facilities perform high-level research associated with the nation’s nuclear weapons programs.
The lawmakers are asking for d

Julius Kivimäki, the Finnish member of Lizard Squad — who as a teenager in 2015 was convicted on over 50,000 counts of computer crimes — has been arrested again in France.
Finnish police confirmed the arrest on Friday in a press release stating the suspect is being held by French authorities while they “immediately initiate measures to extradite the suspect to Finland.”
Finland’s police service had issued a European arrest warrant for Kivimäki, who now goes by the first name Aleksanteri, on charges of computer-related crime and racketeering and extortion.
He was being sought as part of an investigation into a cyberattack targeting Vastaamo, a Helsinki-based private psychotherapy center, that was made public in 2020. As a result of the hack, which began in 2018, sensitive patient data was stolen as well as financial information that was reportedly fraudulently used.
After the institution refused to meet the perpetrator’s extortion demands, individual patients faced demands that they pay up or have documents re

Article Link: [Control systems] Delta Electronics security advisory (AV22-063) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic