The War Room

Community for various OSINT news and subject matter for open discussion or dissemination elsewhere

macOS Ventura Background Task Flaws Can Be Exploited for Malware

By Habiba Rashid

Renowned Mac security researcher Patrick Wardle recently unveiled potential weaknesses within Apple’s macOS Ventura, shedding light on vulnerabilities…

This is a post from HackRead.com. Read the original post: macOS Ventura Background Task Flaws Can Be Exploited for Malware

CVE-2023-39417: PostgreSQL Code Execution Vulnerability

PostgreSQL is more than just a name for those who deal with databases daily. With a remarkable history spanning over 30 years, it stands as a powerful open-source object-relational database system. Its potential to...

The post CVE-2023-39417: PostgreSQL Code Execution Vulnerability appeared first on Penetration Testing.

Researcher says they were behind iPhone popups at Def Con

Several attendees at the hacking conference Def Con reported seeing mysterious and persistent pop ups prompting them to use their Apple ID to connect to an Apple TV, or to share a password with an Apple TV nearby, according to attendee tweets over the weekend and people who spoke to TechCrunch. These incidents confused and […]

Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department

State's Department of Health Care Policy & Financing is the latest to acknowledge an attack by the Russian group's ongoing exploitation of third-party systems.

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach following a MOVEit attack on IBM. The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. The incident is the result of a MOVEit attack on IBM; threat actors accessed the […]

The post Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach appeared first on Security Affairs.

Monti ransomware targets VMware ESXi servers with new Linux locker

The Monti ransomware gang has returned, after a two-month break from publishing victims on their data leak site, using a new Linux locker to target VMware ESXi servers, legal, and government organizations.

Researchers at Trend Micro analyzing the new encryption tool from Monti found that it has "significant deviations from its other Linux-based predecessors."

New Linux locker

Previous versions of the Monti locker were heavily based (99%) on the leaked code from Conti ransomware but the similarities in the new locker are just 29%.

Code similarity rate on Bindiff (Trend Micro)

Among the significant modifications that Trend Micro observed are the following:

  • Removal of the '--size', '--log', and '--vmlist' parameters and addition of a new '-type=soft' parameter to terminate ESXi virtual machines (VMs) in a subtler manner that is more likely to evade detection.
  • Addition of a '--whitelist' parameter to instruct the locker to skip specific ESXi virtual machines (VMs) on the host.
  • Modification of the '/etc/motd' (Message of the Day) and 'index.html' files so that the ransom note content is displayed upon user login.

Modified /etc/motd content (Trend Micro)

  • Now appends the byte signature "MONTI" along with an additional 256 bytes related to the encryption key to each encrypted file.
  • Checks whether the file size is below or above 261 bytes: smaller files are encrypted outright, while larger files are checked for the "MONTI" string and encrypted only if it is missing.
  • Uses the AES-256-CTR encryption method from the OpenSSL library, whereas the previous variant used Salsa20.
  • Files between 1.048MB and 4.19MB in size have only their first 100,000 bytes encrypted, while files smaller than 1.048MB are wholly encrypted.
  • Files exceeding 4.19MB have a portion of their content encrypted, with the size of that portion calculated by a Shift Right operation.

Partial file encryption (left), original content (right) (Trend Micro)

  • The new variant adds the .MONTI extension to encrypted files and generates a ransom note (‘readme.txt’) on every directory it processes.

Encrypted files and ransom note (Trend Micro)

One of the highlights in the code, the researchers say, is its improved ability to evade detection, which makes it more difficult to identify and mitigate Monti ransomware attacks.

Monti ransomware background

First spotted by MalwareHunterTeam in June 2022 and documented publicly by BlackBerry a month later, Monti ransomware appeared as a clone of Conti, as it used most of its code following a leak from a Ukrainian researcher.

In September 2022, an Intel471 report highlighted the increased likelihood of Monti being a rebrand of Conti based on their identical initial network access methods.

However, due to the relatively low attack volume, the threat actor did not attract much attention from researchers, with only one report by Fortinet in January 2023 that provided a cursory examination of their Linux locker.

Members of the gang do not consider themselves cybercriminals or their software malicious. They refer to the tools they use as utilities that reveal security problems in corporate networks, and call their attacks penetration testing, for which they want to get paid. If the victim company does not pay, they publish the name of their victims on their data leak site, under a section called "Wall of Shame."

Despite the terms used to describe their activity, the Monti group behaves like any other ransomware gang: breaching company networks, stealing data, and asking for a ransom.

Criminal IP Teams Up with PolySwarm to Strengthen Threat Detection

In today's ever-evolving digital landscape, the significance of effective malware detection remains paramount. With the escalating threat of cyberattacks, cybersecurity serves as a crucial shield against breaches and data compromises.

PolySwarm, through the integration of blockchain technology, takes a significant leap forward in enhancing malware detection capabilities.

By harnessing the power of collaborative threat detection engines, the platform pioneers innovative methodologies to fortify defenses against these evolving threats.

This collaborative endeavor has now welcomed a new addition – the Cyber Threat Intelligence search engine Criminal IP – into PolySwarm's expansive detection engine network.

PolySwarm: Elevating Detection with Specialized Engines

At the heart of PolySwarm's innovative approach lies specialized detection, facilitated by microengines meticulously tailored to distinct threat categories.

These microengines are expertly designed and overseen by a vast community of security professionals, enabling the efficient breakdown of threat detection tasks.

Crafted by diverse specialists, these focused detection engines effectively target specific threats, including malware, phishing, and ransomware.

Criminal IP Bolsters Threat Detection as a New Engine on PolySwarm

Criminal IP's Expertise Enhances Threat Data Aggregation and Validation

Criminal IP's expertise is set to amplify the aggregation and validation of critical threat data.

The addition of Criminal IP as a new contributor to PolySwarm's malicious URL detection represents a significant leap in specialized threat identification.

Through the utilization of precision-crafted microengines developed by a diverse security community, PolySwarm takes strategic measures to address diverse threat categories, thereby elevating the accuracy of threat detection.

Furthermore, Criminal IP's contribution to the aggregation and validation of threat data plays a pivotal role in identifying authentic threats while minimizing false positives.

About Criminal IP

Criminal IP launched its global cybersecurity service on April 17, 2023, after a successful year-long beta phase. The company has established technical and business partnerships with renowned global security firms, including VirusTotal, Splunk, Anomali, LogRhythm, Datadog, and more. Furthermore, Criminal IP has recently released a GitHub Reference page, showcasing code examples that utilize the Criminal IP API. With support for five languages: English, French, Arabic, Korean, and Japanese, the platform ensures seamless utilization of all Criminal IP services, catering to a diverse user base.

Sponsored and written by Criminal IP

73% Danger: The Chilling Reality of Speech Deepfake Detection

A study from the University of London has demonstrated that, whether among native speakers of English or Mandarin, the accuracy rate for distinguishing artificially synthesized voices stands only at 73%. Published in the journal...

The post 73% Danger: The Chilling Reality of Speech Deepfake Detection appeared first on Penetration Testing.

Cyber Safety Review Board (CSRB) investigative report on Lapsus$ Hacking Group

Lapsus$ constitutes a predominantly adolescent, loosely-organized hacker collective. However, reports reveal that from the latter part of 2021 to the end of 2022, Lapsus$ employed various techniques to circumvent conventional security measures and successfully...

The post Cyber Safety Review Board (CSRB) investigative report on Lapsus$ Hacking Group appeared first on Penetration Testing.

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs said in a new

Critical Remote Code Execution (RCE) Vulnerability Affects WPS Office

WPS Office, a burgeoning name in the world of digital office suites, found its reputation challenged on August 11, 2023, when a security researcher unveiled the disturbing details of a critical vulnerability that can...

The post Critical Remote Code Execution (RCE) Vulnerability Affects WPS Office appeared first on Penetration Testing.

Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models

Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.

Cyber Threat Intelligence Index: July 2023

Flashpoint’s monthly look at the cyber risk ecosystem affecting organizations around the world, including intelligence, news, data, and analysis about ransomware, vulnerabilities, data breaches, and insider threats.

The post Cyber Threat Intelligence Index: July 2023 appeared first on Flashpoint.

Investing in Ethereum Blockchain-based JasmyCoin: Guide

By Owais Sultan

JasmyCoin operates on blockchain technology as a decentralized digital currency, ensuring secure and transparent transactions.

This is a post from HackRead.com. Read the original post: Investing in Ethereum Blockchain-based JasmyCoin: Guide

Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

By Owais Sultan

Powered by Oracle Cloud, Stellar Cyber Open XDR offers best-in-class cyberattack detection and response capabilities to Oracle Cloud Infrastructure users.

This is a post from HackRead.com. Read the original post: Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

Millions of Americans’ health data stolen after MOVEit hackers targeted IBM

Millions of Americans had their sensitive medical and health information stolen after hackers exploiting a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM. Colorado’s Department of Health Care Policy and Financing (HCPF), which is responsible for administering Colorado’s Medicaid program, confirmed on Friday that it had […]

Tenable Cyber Watch: Hot Takes from Black Hat USA, SANS Releases 2023 Report on Security Awareness, and more

Want to know what topics caught our attention at the Black Hat USA Conference? Looking for recommendations on how you can better mitigate shadow IT risks? Curious about how you can boost your security awareness program?

We’ve got you covered in this week’s edition of the Tenable Cyber Watch, our weekly video news digest highlighting three cybersecurity topics that matter right now. Here’s what’s happening in cyber.

Today, we’re sharing:

  • Hot takes from the Black Hat USA Conference
  • The U.K. National Cyber Security Centre provides guidance on how to better mitigate shadow IT risks.
  • SANS released its 2023 report on security awareness. More on how you can boost your security awareness program.

Every Monday at 9am ET, the Tenable Cyber Watch brings you cybersecurity news you can use. Watch this week’s episode below and subscribe to our playlist on YouTube.

5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments

Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.

Email – The System Running Since 71’

Working remotely is here to stay and businesses should continue to make sure their basic forms of communication are properly configured and secured.

The post Email – The System Running Since 71’ appeared first on SecurityWeek.

US Cyber Safety Board to Review Cloud Attacks

The US government's CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication.

The post US Cyber Safety Board to Review Cloud Attacks appeared first on SecurityWeek.

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be

Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying

Vulnerabilities in CyberPower and Dataprobe power management products could be exploited in data center attacks, including to cause damage and for spying.

The post Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying appeared first on SecurityWeek.

Administrator of ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware

An indictment was unsealed yesterday charging a Polish national with computer fraud conspiracy, wire fraud conspiracy, and international money laundering in connection with the provision of 'bulletproof' webhosting services that facilitated the operation of ransomware attacks.

The post Administrator of ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware appeared first on Flashpoint.

The rise of AI-powered criminals: Identifying threats and opportunities

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator

US authorities have announced charges against a Polish national who allegedly operated the LolekHosted.net bulletproof hosting service.

The post US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator appeared first on SecurityWeek.
