Sunday, November 3, 2024

The Hacker News

"Massive Git config breach exposes 5,000 credentials-10,000 private repositories cloned."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 03 November 2024, 1434 UTC.

Content and Source:  Email subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fthehackernews.com%2Ffeeds%2Fposts%2Fdefault

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Hacker News

199K followers30 articles per week#security#tech
28

Most popular

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
7 TTPs
79by info@thehackernews.com (The Hacker News) / 2d
15k cloud credentials stolen from Git
Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,
Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns
Microsoft delays Recall feature again
67by info@thehackernews.com (The Hacker News) / 2d
Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October. "We are committed to delivering a secure and trusted experience with Recall," the
New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites
8 TTPs
51by info@thehackernews.com (The Hacker News) / 2d
Xiū gǒu phishing kit targets multiple countries
Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services

Nov 1, 2024

Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
IoC > 4 domains
43by info@thehackernews.com (The Hacker News) / 1d
U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event. The activity has been pinned on an entity that's known as Emennet Pasargad, which the agencies said has been operating
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups
32by info@thehackernews.com (The Hacker News) / 2d
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
6 TTPs
49by info@thehackernews.com (The Hacker News) / 2d
Chinese hackers exploit Quad7 botnet
Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers. "Active since at least 2021, Storm-0940 obtains initial access

Oct 31, 2024

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar
by info@thehackernews.com (The Hacker News) / 2d
Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT
New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics
9 TTPs
41by info@thehackernews.com (The Hacker News) / 2d
Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ
LottieFiles Issues Warning About Compromised "lottie-player" npm Package
2 TTPs
42by info@thehackernews.com (The Hacker News) / 2d
LottieFiles npm package compromised
LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On October 30th ~6:20 PM UTC - LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code," the company said in a
Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities
32by info@thehackernews.com (The Hacker News) / 3d
In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data
LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
3 TTPs
60by info@thehackernews.com (The Hacker News) / 3d
CVE-2024-50550
A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

Oct 30, 2024

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
IoC > 1 IP
63by info@thehackernews.com (The Hacker News) / 3d
5 TTPs
Jumpy Pisces collaborates with Play ransomware
Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
8 TTPs
33by info@thehackernews.com (The Hacker News) / 4d
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said it managed to publish a
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
28 TTPs
74by info@thehackernews.com (The Hacker News) / 4d
Malvertising campaign spreads SYS01Stealer malware
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News. "The malvertising campaign leverages nearly a hundred malicious
Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code
IoC > 1 domain
49by info@thehackernews.com (The Hacker News) / 4d
11 TTPs
Malware targets crypto enthusiasts via Python
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300
Embarking on a Compliance Journey? Here’s How Intruder Can Help
33by info@thehackernews.com (The Hacker News) / 4d
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder

Oct 29, 2024

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
2 TTPs
68by info@thehackernews.com (The Hacker News) / 5d
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the
A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation
47by info@thehackernews.com (The Hacker News) / 5d
Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution. In
Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus
2 TTPs
41by info@thehackernews.com (The Hacker News) / 5d
Dutch police disrupt RedLine MetaStealer
The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and

Oct 28, 2024

U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing
36by info@thehackernews.com (The Hacker News) / 5d
The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or other any organization, when not in conflict
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
Exfiltration (Enterprise TA0010)
61by info@thehackernews.com (The Hacker News) / 5d
More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
6 TTPs
46by info@thehackernews.com (The Hacker News) / 5d
A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through
Russian Espionage Group Targets Ukrainian Military with Malware via Telegram
IoC > 1 domain
44by info@thehackernews.com (The Hacker News) / 5d
3 TTPs
Russian group targets Ukrainian recruits
A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group (TAG) and Mandiant are tracking the activity under the name UNC5812. The threat group, which operates a Telegram channel named civildefense_com_ua, was created on
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
North Korean group targets developers
56by info@thehackernews.com (The Hacker News) / 5d
Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign tracked as Contagious Interview. The Datadog Security Research team is monitoring the activity under the name Tenacious Pungsan, which is also known by the monikers
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
9 TTPs
34by info@thehackernews.com (The Hacker News) / 6d
Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
9 TTPs
31by info@thehackernews.com (The Hacker News) / 6d
Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for
Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes
31by info@thehackernews.com (The Hacker News) / 6d
Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done

Oct 27, 2024

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
9 TTPs
100+by info@thehackernews.com (The Hacker News) / 6d
A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach

End of feed

at
Labels:

No comments:

Post a Comment

Please leave a comment about our recent post.

Subscribe to: Post Comments (Atom)

ZDNet | Security.

"It's official:  All your Office apps are getting AI and a price increase." Views expressed in this cybersecurity, cyber crime...

  • The Cyberwire Daily Briefing
    "Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters ...
  • Cyber War News Today.
    "International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyb...
  • SecurityWeek Briefing
    "New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the report...