#bleepingcomputer — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #bleepingcomputer, aggregated by home.social.
-
Catching the story about how MSFT locked out a bunch of legit devs for not uploading government IDs on the same morning I see the story that CPUID is serving up (at least moderately advanced) malware is affecting my brain in a particularly irritating way.
-
[related]
⬇️
"Swiss critical sector faces new 24-hour cyberattack reporting rule"
"Switzerland calls this new requirement a milestone for cybersecurity in the country, noting that it is in accordance with the NIS Directive, an EU-wide cybersecurity legislation that applies to operators of essential services and digital service providers."
👇
https://www.bleepingcomputer.com/news/security/swiss-critical-sector-faces-new-24-hour-cyberattack-reporting-rule/
-
Low-Drama ‘Dark Angels’ Reap Record Ransoms
https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/
#AmerisourceBergenCorporation #BleepingComputer #BrettStone-Gross #ALittleSunshine #DataBreaches #DunghillLeak #Ransomware #DarkAngels #ransomware #ThreatLabz #Cencora #Zscaler #sophos #Sabre #Sysco
-
Low-Drama ‘Dark Angels’ Reap Record Ransoms https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/ #AmerisourceBergenCorporation #BleepingComputer #ALittleSunshine #BrettStoneGross #DataBreaches #DunghillLeak #Ransomware #DarkAngels #ransomware #ThreatLabz #Cencora #Zscaler #sophos #Sabre #Sysco
-
Title: "💻🔒 #MacOSBackdoor: Stealthy Malware in Cracked Apps Drains Wallets via DNS Records 🚨"
Recent reports from Securelist and BleepingComputer reveal a sophisticated malware campaign targeting macOS users. Authored by Sergey Puzan (Securelist) and Bill Toulas (BleepingComputer), these articles uncover a cunning method where hackers disguise information-stealing malware within cracked macOS applications. This threat primarily affects macOS Ventura users and leverages DNS records to conceal malicious scripts. The malware, disguised as a legitimate app activator, prompts users for admin passwords, thus gaining control over the system.
The malware establishes contact with its command and control (C2) server via a unique URL, generated by combining words from hardcoded lists with random letters, and then fetches a base64-encoded Python script from DNS TXT records. This script not only provides backdoor access but also harvests and transmits critical system information. Further, it ensures persistence across reboots and continuously updates itself.
What's alarming is the malware's capability to replace Bitcoin Core and Exodus wallets with compromised versions that transmit users' sensitive data to the attackers. The ingenuity of hiding the payload in DNS server TXT records marks a new level of sophistication in cyber attacks.
Stay vigilant and avoid cracked software to mitigate such threats!
Tags: #CyberSecurity #Infosec #MalwareAnalysis #MacOS #DNSRecords #PythonScript #APT #Securelist #BleepingComputer #SergeyPuzan #BillToulas
Sources:
- Securelist: Sergey Puzan's Article
- BleepingComputer: Bill Toulas's Article
-
"🚨 Openfire Vulnerability Under Active Exploit: A Gateway to Ransomware and Cryptominers 🚨"
The widely-used Openfire chat server is under siege as hackers exploit a high-severity flaw, CVE-2023-32315, to deploy ransomware and cryptominers. This Java-based open-source XMPP server, boasting 9 million downloads, has become a lucrative target due to an authentication bypass vulnerability in its admin console. Attackers are creating new admin accounts on vulnerable servers, installing malicious Java plugins, and executing commands via HTTP requests. 🛑
The flaw spans across various Openfire versions dating back to 2015. Although patches were released in May 2023, over 3,000 servers remained vulnerable by mid-August 2023. The first known exploitation dates back to June 2023, when a server was ransomed post-exploitation. Attack scenarios include deploying crypto-mining trojans, installing backdoors, and extracting server information. 🕵️
Dr. Web has identified four distinct attack scenarios leveraging this flaw, emphasizing the urgency of applying available security updates. BleepingComputer also reports multiple instances of Openfire servers being encrypted with ransomware, appending a .locked1 extension to files. The ransom demands range from 0.09 to 0.12 bitcoins ($2,300 to $3,500). 🖥️🔓
The threat landscape is evolving, with threat actors not solely targeting Openfire servers but any vulnerable web server. It's a stark reminder for organizations to stay vigilant and ensure their systems are up-to-date with the latest security patches. 🛡️
Source: BleepingComputer by Bill Toulas
Tags: #Openfire #Ransomware #Cryptominers #CyberSecurity #Vulnerability #CVE202332315 #ThreatIntel #InfoSec #PatchManagement #ServerSecurity #DrWeb #BleepingComputer 🌐🔐
-
CW: Windows zero-day
Reading up on some #infosec news after three crazy days of moving (reminder: never move) and came across the most amazing attribute name Windows gives to files from untrusted remote locations:
Mark of the Web.
But when you open such a file, you only see a boring 'Security Warning' popup.
Why not just have burning flames, cackling demons and blood-red dripping capital letters shouting "WARNING! THIS FILE BEARS THE MARK OF THE WEB!" Missed opportunity!
Also, excuse my noobness if Mark of the Web is something I should TOTALLY know about already, sheesh.
#markoftheweb #cybersecurity #bleepingcomputer #zeroday #malware
-
MyBook Users Urged to Unplug Devices from Internet https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/ #NationalVulnerabilityDatabase #BleepingComputer #LatestWarnings #CVE-2018-18472 #WesternDigital #MyBookLiveDuo #TimetoPatch #ArsTechnica #Wizcase.com #MyBookLive #MyBook