Thu. Oct 12, 2023

Bounty to Recover NIST’s Elliptic Curve Seeds

Schneier on Security

This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late ’90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge.

Is Rapid Data Recovery the Best Hope Australia Has for a Win Against Ransomware?

Tech Republic Security

The success of cyber attacks in Australia could make an "assume-breach" approach to cyber security inevitable and cause IT teams to shift their focus to protecting data backups at all costs.

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Security Affairs

Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker, a tool that monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. The researchers created the tool to help cybersecurity experts in their daily jobs by providing real-time updates and actionable insights.

ToddyCat: Keep calm and check logs

SecureList

ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools, Ninja Trojan and Samurai Backdoor, and we also described the set of loaders used to launch them.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

More than 17,000 WordPress websites infected with the Balada Injector in September

Security Affairs

In September, more than 17,000 WordPress websites were compromised by the Balada Injector malware. Sucuri researchers reported that more than 17,000 WordPress websites were compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August. The Balada Injector is a malware family that has been active since 2017.

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The Hacker News

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware.

Researchers Uncover Malware Posing as WordPress Caching Plugin

The Hacker News

Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades as a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site.

Apple releases iOS 16 update to fix CVE-2023-42824 on older devices

Security Affairs

Apple released versions iOS 16.7.1 and iPadOS 16.7.1 to address the CVE-2023-42824 vulnerability that has been actively exploited in attacks. Apple has released iOS 16.7.1 and iPadOS 16.7.1 to address the recently disclosed zero-day CVE-2023-42824. The vulnerability is a privilege escalation issue that resides in the kernel; it was addressed with improved checks.

A PowerShell Script to Mitigate Active Directory Security Risks

eSecurity Planet

Cyber attackers frequently use legacy technology as part of their attack strategies, targeting organizations that have yet to implement mitigations or upgrade obsolete components. In an Active Directory environment, one such component is legacy protocols, which attackers can use to gain access to Active Directory. While patching (or even virtual patching) might help address obsolete components, most legacy components have been thoroughly evaluated by adversaries to determine whether they should

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. The attacks are targeting a large number of Magento and WooCommerce websites, including large organizations in the food and retail industries. “In this campaign, all the victim web

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack

The Hacker News

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is tracking the operator as Storm-1567.

How to Banish Heroes from Your SOC?

Anton on Security

This blog was born from two parents: my never-finished blog on why relying on heroism in a Security Operations Center (SOC) is bad and Phil Venables’ “superb+” blog titled “Delivering Security at Scale: From Artisanal to Industrial.” BTW, what is heroism? Isn’t that a good thing? Well, an ancient SRE deck defines “IT heroism” as relying on “individuals taking upon themselves to make up for a systemic problem.”

Apple fixes iOS Kernel zero-day vulnerability on older iPhones

Bleeping Computer

Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Trend Micro

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Pan-African Financial Apps Leak Encryption, Authentication Keys

Dark Reading

Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows.

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

The Hacker News

A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called Pathoschild.Stardew.ModBuildConfig, software supply chain security firm Phylum said in a report today.

Brands Beware: X's New Badge System Is a Ripe Cyber-Target

Dark Reading

Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.

10 Tips for Traveler Identity Theft Protection

Identity IQ

Travel has become an essential part of everyday life for many, offering adventure, cultural experiences, and opportunities for personal growth. However, as we embark on these journeys, we must also be vigilant guardians of our personal information. Travel identity theft is a rising concern, with cybercriminals constantly devising new ways to exploit unsuspecting travelers.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

DarkGate Operator Uses Skype, Teams Messages to Distribute Malware

Dark Reading

A plurality of the targets in the ongoing campaign have been based in the Americas.

How the FTX Thieves Have Tried to Launder Their $400 Million Haul

WIRED Threat Level

Whoever looted FTX on the day of its bankruptcy has now moved the stolen money through a long string of intermediaries—including a service owned by FTX itself.

New Microsoft bug bounty program focuses on AI-powered Bing

Bleeping Computer

Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000.

Simpson Manufacturing Launches Investigation After Cyberattack

Dark Reading

The company has taken down its systems in an effort to determine the scope of the attack.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

FBI shares AvosLocker ransomware technical details, defense tips

Bleeping Computer

The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell and batch scripts.

Backdoor Lurks Behind WordPress Caching Plugin to Hijack Websites

Dark Reading

Evasive malware disguised as a caching plugin allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.

Ransomware attacks now target unpatched WS_FTP servers

Bleeping Computer

Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.

Protect Critical Infrastructure With Same Rigor as Classified Networks

Dark Reading

Government security processes are often viewed as tedious and burdensome — but applying the lessons learned from them is imperative for private industry to counter a nation-state threat.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

How to Guard Your Data from Exposure in ChatGPT

The Hacker News

ChatGPT has transformed the way businesses generate textual content, which can potentially result in a quantum leap in productivity. However, Generative AI innovation also introduces a new dimension of data exposure risk, when employees inadvertently type or paste sensitive business data into ChatGPT, or similar applications.

Making the Case for Cryptographic Agility and Orchestration

Dark Reading

Finding the right post-quantum cryptographic (PQC) algorithms is necessary, but not sufficient, to future-proof cybersecurity.

HTTP/2 Rapid Reset Zero-Day Largest DDoS Attack in Internet History

SecureWorld News

In recent months, the cybersecurity world has been shaken by the revelation of a sophisticated and unprecedented cyber threat: the HTTP/2 Rapid Reset Zero-Day vulnerability. This exploit, tracked as CVE-2023-44487, enabled cybercriminals to orchestrate what has been dubbed the largest Distributed Denial of Service (DDoS) attack ever recorded, targeting multiple internet infrastructure companies.

How to Scan Your Environment for Vulnerable Versions of Curl

Dark Reading

This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environments.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.