The War Room

Community for various OSINT news and subject matter for open discussion or dissemination elsewhere

New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.

The post New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack appeared first on SecurityWeek.

Grip Security Lands $41 Million Series B Financing

Israeli startup Grip Security has banked $41 million in new financing from a group of investors led by Third Point Ventures.

The post Grip Security Lands $41 Million Series B Financing appeared first on SecurityWeek.

Anti-Piracy Lessons Enter the School Curriculum: Are You a Thief?

High school students are educated on a wide variety of topics, helping them to understand and become productive members of society. In Denmark, a new course was recently announced by local anti-piracy group Rights Alliance and publisher Gyldendal. With support from the government, the new curriculum educates young Danes on copyright and piracy.

From: TF, for the latest news on copyright battles, piracy and more.

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called

Chinese APT Targets Hong Kong in Supply Chain Attack

Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.

1-15 July 2023 Cyber Attacks Timeline

In the first half of July 2023, I collected 161 events (corresponding to 10.73 events per day), a number that...

Cerby lands $17M to manage access to ‘nonstandard’ enterprise apps

Bel Lepe, a former Google software engineer, tells me that it always seemed risky to him that there were apps business users needed and used, but that IT and security teams were unwilling to approve them because of their lack of support for identity standards. It’s a legitimate issue. According to a Ponemon Institute survey, […]

Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications

Cerby has raised $17 million in Series A funding for its access management platform for applications not supported by identity providers.

The post Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications appeared first on SecurityWeek.

CISA Warns of Another Exploited Adobe ColdFusion Vulnerability

CISA warns that CVE-2023-26359, an Adobe ColdFusion vulnerability patched in March, has been exploited in the wild.

The post CISA Warns of Another Exploited Adobe ColdFusion Vulnerability appeared first on SecurityWeek.

Generating FLIRT signatures for Nim and other non-C programming languages

Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, because they present challenges to investigators using reverse-engineering tools designed to work best against the C family of languages.

It’s often difficult for reverse engineers examining non-C languages to differentiate between the malware author

Snatch gang claims the hack of the Department of Defence South Africa

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. The Snatch ransomware group added the Department of Defence South Africa to its data leak site. The mission of the Department of Defence is to provide, manage, prepare and employ defence capabilities commensurate with the […]

The post Snatch gang claims the hack of the Department of Defence South Africa appeared first on Security Affairs.

A cyber attack hit the Australian software provider Energy One

The Australian software provider Energy One announced it was hit by a cyberattack last week that affected certain corporate systems in Australia and the UK. The Australian software provider Energy One announced that a cyberattack hit certain corporate systems in Australia and the UK last week. Energy One is a global supplier of software products […]

The post A cyber attack hit the Australian software provider Energy One appeared first on Security Affairs.

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. Adobe fixed the critical flaw in March 2023; it is a deserialization of untrusted data issue in Adobe ColdFusion that can […]

The post CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

Ivanti fixed a new critical Sentry API authentication bypass flaw

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product. The vulnerability could be exploited to access sensitive API data and configurations, run […]

The post Ivanti fixed a new critical Sentry API authentication bypass flaw appeared first on Security Affairs.

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (

openappsec: machine learning security engine to prevent threats against Web Applications & APIs

openappsec open-appsec (openappsec.io) builds on machine learning to provide preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy (soon), and API Gateways....

The post openappsec: machine learning security engine to prevent threats against Web Applications & APIs appeared first on Penetration Testing.

WordPress custom field plugin bug (CVE-2023-40068) exposes 1M sites to XSS attacks

A cross-site scripting (XSS) vulnerability has been found in the Advanced Custom Fields (ACF) and Advanced Custom Fields Pro WordPress plugins. The vulnerability, tracked as CVE-2023-40068, affects versions 6.1.0 to 6.1.7 of the plugins....

The post WordPress custom field plugin bug (CVE-2023-40068) exposes 1M sites to XSS attacks appeared first on Penetration Testing.

CISA warns of critical Adobe ColdFusion flaw (CVE-2023-26359) exploited in the wild

The Cybersecurity & Infrastructure Security Agency (CISA), a key player in ensuring America’s cyber front remains secure, has drawn attention to a severe security vulnerability affecting Adobe ColdFusion versions 2021 and 2018. The flaw,...

The post CISA warns of critical Adobe ColdFusion flaw (CVE-2023-26359) exploited in the wild appeared first on Penetration Testing.

noir: attack surface detector from source code

Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions...

The post noir: attack surface detector from source code appeared first on Penetration Testing.

Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway Technology

Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.

Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

By Waqas

Bronze Starlight hackers have been cleverly utilizing a valid Ivacy VPN code-signing certificate to target the Southeast Asian gambling industry.

This is a post from HackRead.com Read the original post: Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

Whistleblower Leak Reveals Tesla Data Breach, Affects 75,000

By Waqas

Contrary to the typical cyberattack narrative, this breach stems from a whistleblower leak, revealing sensitive information to the German media outlet Handelsblatt.

This is a post from HackRead.com Read the original post: Whistleblower Leak Reveals Tesla Data Breach, Affects 75,000

TP-Link smart bulbs can let hackers steal your WiFi password

Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link’s Tapo app, which could allow attackers to steal their target’s WiFi password.

TP-Link Tapo L530E is a top-selling smart bulb on multiple marketplaces, including Amazon. TP-Link Tapo is a smart device management app with 10 million installations on Google Play.

The Tapo L530E (TP-Link)

The researchers from the Università di Catania and the University of London analyzed this product because of its popularity. The broader goal of their paper, however, is to underscore the security risks in the billions of consumer IoT devices, many of which transmit data in insecure ways and rely on weak authentication.

Smart bulb flaws

The first vulnerability is improper authentication on the Tapo L530E, which allows an attacker to impersonate the bulb during the session key exchange step.

This high-severity vulnerability (CVSS v3.1 score: 8.8) allows an adjacent attacker to retrieve Tapo user passwords and manipulate Tapo devices.

The second flaw is also a high-severity issue (CVSS v3.1 score: 7.6): the checksum relies on a short, hard-coded shared secret, which an attacker can recover by brute force or by decompiling the Tapo app.

The third problem is a medium-severity flaw: the symmetric encryption uses no per-message randomness, so identical plaintexts produce identical ciphertexts and the scheme becomes predictable.

Finally, the fourth issue is the absence of any freshness check on received messages: session keys stay valid for 24 hours, so an attacker can replay captured messages during that window.

Attack scenarios

The most worrying attack scenario is bulb impersonation and retrieval of Tapo user account details by exploiting vulnerabilities 1 and 2.

With those account details the attacker can log in to the Tapo app, extract the victim’s WiFi SSID and password, and reach every other device connected to that network.

The bulb must be in setup mode for the attack to work. The attacker can bring that about, however, by deauthenticating the bulb, which forces the user to run setup again to restore its function.

Bulb impersonation diagram (arxiv.org)

Another attack type explored by the researchers is a MITM (Man-in-the-Middle) attack against an already configured Tapo L530E. It exploits vulnerability 1 to intercept and manipulate the communication between the app and the bulb, capturing the RSA encryption keys used for the subsequent data exchange.

MITM attacks are also possible against unconfigured Tapo devices, again through vulnerability 1: the attacker joins the WiFi during setup, bridges the two networks and routes the discovery messages, eventually obtaining Tapo passwords, SSIDs and WiFi passwords, which are merely base64-encoded and trivially decoded.

MITM attack diagram (arxiv.org)

Finally, vulnerability 4 enables replay attacks: messages sniffed earlier can be re-sent to trigger state changes on the device.
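The two cryptographic weaknesses above, deterministic encryption (flaw 3) and a receiver that never checks freshness (flaw 4), are easy to see in a toy protocol. The Python below is an added example written for this page; it is not code from the researchers, BleepingComputer or TP-Link and it does not reproduce the Tapo protocol. The HMAC-based stream cipher, the message layout (sequence number, timestamp, nonce, ciphertext, tag), the key and the command strings are all constructed assumptions. It shows what a passive observer gains from a repeated keystream, and contrasts a bulb that merely authenticates a message with one that also rejects already-seen sequence numbers and stale timestamps.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32                       # HMAC-SHA256 tag
NONCE_LEN = 8
HEADER = struct.Struct(">IQ")      # sequence number, unix timestamp (assumed layout)
FIXED_NONCE = b"\x00" * NONCE_LEN  # the weak choice: the same nonce for every message


def subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys derived from one shared secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data."""
    blocks = [
        hmac.new(subkey(key, b"enc"), nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32)
    ]
    keystream = b"".join(blocks)[: len(data)]
    return bytes(d ^ k for d, k in zip(data, keystream))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- flaw 3 model: no per-message randomness -------------------------------
def encrypt_fixed_nonce(key: bytes, plaintext: bytes) -> bytes:
    """Deterministic: identical commands give identical ciphertexts, and the
    keystream repeats, so XORing two ciphertexts yields the XOR of plaintexts."""
    return stream_xor(key, FIXED_NONCE, plaintext)


def encrypt_fresh_nonce(key: bytes, plaintext: bytes) -> bytes:
    """Fixed form: a random nonce is generated per message and sent with it."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + stream_xor(key, nonce, plaintext)


def decrypt_fresh_nonce(key: bytes, blob: bytes) -> bytes:
    return stream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


# --- flaw 4 model: no freshness check ---------------------------------------
def build_command(key: bytes, seq: int, ts: int, command: bytes) -> bytes:
    """app -> bulb message (assumed format): header || nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    body = HEADER.pack(seq, ts) + nonce + stream_xor(key, nonce, command)
    tag = hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()
    return body + tag


def open_command(key: bytes, msg: bytes):
    """Verify the tag and decrypt; returns (seq, ts, command)."""
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    seq, ts = HEADER.unpack_from(body)
    nonce = body[HEADER.size:HEADER.size + NONCE_LEN]
    return seq, ts, stream_xor(key, nonce, body[HEADER.size + NONCE_LEN:])


class ReplayableBulb:
    """Authenticates every message but never asks whether it is fresh, so a
    captured message is executed again for as long as the key stays valid."""
    def __init__(self, key: bytes):
        self.key, self.executed = key, []

    def accept(self, msg: bytes) -> bool:
        self.executed.append(open_command(self.key, msg)[2])
        return True


class FreshnessCheckingBulb:
    """Rejects sequence numbers it has already seen and timestamps outside a
    short window; `now` is injected so the check can be exercised offline."""
    def __init__(self, key: bytes, now, window: int = 30):
        self.key, self.now, self.window = key, now, window
        self.last_seq, self.executed = 0, []

    def accept(self, msg: bytes) -> bool:
        seq, ts, command = open_command(self.key, msg)
        if seq <= self.last_seq or abs(self.now() - ts) > self.window:
            return False
        self.last_seq = seq
        self.executed.append(command)
        return True


if __name__ == "__main__":
    key = os.urandom(32)                                  # constructed shared secret
    on, off = b"set_power:on ", b"set_power:off"          # constructed commands
    c_on, c_off = encrypt_fixed_nonce(key, on), encrypt_fixed_nonce(key, off)
    print("keystream reuse leaks plaintext XOR:", xor_bytes(c_on, c_off) == xor_bytes(on, off))
    clock = [1_700_000_000]
    msg = build_command(key, seq=1, ts=clock[0], command=on)
    weak, strong = ReplayableBulb(key), FreshnessCheckingBulb(key, lambda: clock[0])
    print("replay accepted by weak bulb:", weak.accept(msg) and weak.accept(msg))
    print("replay accepted by hardened bulb:", strong.accept(msg) and strong.accept(msg))
```

The sequence-number check alone stops an exact replay; the timestamp window is what bounds how long a captured message stays useful, which is the 24-hour problem the researchers describe. Both counters only help if the tag covers them, which is why the header is included in the MAC input here.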

Disclosure and fixing

The university researchers responsibly disclosed their findings to TP-Link; the vendor acknowledged all of them and said it would soon ship fixes for both the app and the bulb’s firmware.

However, the paper does not clarify whether these fixes have already been made available and which versions remain vulnerable to attacks.

BleepingComputer has contacted TP-Link to learn more about the security updates and impacted versions and will update this post as soon as we hear back.

As general advice for IoT security, it is recommended to keep these types of devices isolated from critical networks, use the latest available firmware updates and companion app versions, and protect accounts with MFA and strong passwords.
