InfoSec News 20230703

  • Published: Mon, 03/07/2023 - 13:46

Top News


  • Twitter now forces you to sign in to view tweets

"Starting today, Twitter is no longer accessible on web and mobile apps if you don’t have an account, forcing all users to log in if they want to get access to the platform.
If you're not already logged in, you will get redirected to a "Sign in to Twitter" screen, where you're prompted to either sign into your account or sign up for one.
If you dismiss this sign-in screen, you'll be sent to the social network's homepage, where you'll be once again asked to join Twitter by creating an account or by signing up with Google or Apple.
Twitter has yet to share a statement via its official support account or the company's blog regarding the motives behind this change."

Link

TLP1 : Green

  • Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

"In yet another sign of a lucrative crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions.
"The Meduza Stealer has a singular objective: comprehensive data theft," Uptycs said in a new report. "It pilfers users' browsing activities, extracting a wide array of browser-related data."
"From critical login credentials to the valuable record of browsing history and meticulously curated bookmarks, no digital artifact is safe. Even crypto wallet extensions, password managers, and 2FA extensions are vulnerable.""

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • VMware, Other Tech Giants Announce Push for Confidential Computing Standards

"In conjunction with the 2023 Confidential Computing Summit last week, VMware announced a partnership with tech giants to accelerate the development of confidential computing applications.
Confidential computing relies on a trusted execution environment that ensures the integrity and confidentiality of applications and data, even in the cloud and on third-party infrastructure.
With the emergence of multi-cloud deployments and machine learning, confidential computing is expected to help protect intellectual property and sensitive data, but its adoption lags due to difficulties in creating applications for it."

Link

TLP1 : Green

  • Self-Driving Cars Are Surveillance Cameras on Wheels

"Police are already using self-driving car footage as video evidence:
While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement, and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage. And it’s easier for law enforcement to turn to one company with a large repository of videos and a dedicated response team than to reach out to all the businesses in a neighborhood with security systems."

Link

TLP1 : Green

  • Avast released a free decryptor for the Windows version of the Akira ransomware

"Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom.
The Akira ransomware has been active since March 2023; the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.
Akira is a Windows ransomware with a 64-bit Windows binary, it is written in C++ and uses the Boost library to implement the asynchronous encryption code. The authors used Microsoft Linker version 14.35."

Link

TLP1 : Green

  • Apple, Civil Liberty Groups Condemn UK Online Safety Bill

"The latest variant of the crypto wars is happening now, with the UK and EU governments attempting to force backdoors into end-to-end encryption (E2EE).
The war is law enforcement and government desire to prevent criminals ‘going dark’ through E2EE. The battlefield for liberal democracies is the EU (the Child Sexual Abuse Regulation) and the UK (the Online Safety Bill – OSB). The collateral damage could be every law abiding citizen – and the audience is all other liberal democracies around the world.
On June 26, 2023, the Online Rights Group delivered an open letter (PDF) signed by 80 technologists and civil rights organizations to Chloe Smith, the UK government minister guiding the OSB through parliament. The biggest concern is the likely requirement for an encrypted message scanning capability."

Link

TLP1 : Green

 

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices

"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices. All the flaws have been patched as of 2021."

Link

TLP1 : Green

  • 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug

"Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.
The vulnerability is a remote code execution with a severity score of 9.8 out of 10 resulting from a heap-based buffer overflow problem in FortiOS, the operating system that connects all Fortinet networking components to integrate them in the vendor's Security Fabric platform.
CVE-2023-27997 is exploitable and allows an unauthenticated attacker to execute code remotely on vulnerable devices with the SSL VPN interface exposed on the web. In an advisory in mid-June, the vendor warned that the issue may have been exploited in attacks.
Fortinet addressed the vulnerability on June 11 before disclosing it publicly, by releasing FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5."

Link

TLP1 : Green
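As an added check for the Fortinet item above (example code, not from the page or from Fortinet), the script below reads a FortiOS version string, either bare or as it appears in a `get system status` line, and reports whether it is below the fixed builds the item lists for CVE-2023-27997 (6.0.17, 6.2.15, 6.4.13, 7.0.12, 7.2.5). Release branches the item does not name (for example 7.4) are reported as "unknown" rather than guessed. The hostnames and version strings in the sample inventory are constructed for the example.

```python
"""Triage FortiOS versions against the CVE-2023-27997 fixed builds.

Added example, not code from the page or from Fortinet. The fixed builds
below are the ones the item quotes; any other release branch is reported
as "unknown" instead of being assumed fixed or vulnerable.
"""
import re

# Fixed builds per release branch, as quoted in the item above.
FIXED_BUILDS = {
    (6, 0): (6, 0, 17),
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}

# Matches "7.0.11" or "v7.0.11,build0489" as printed by `get system status`.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(text: str) -> tuple[int, int, int]:
    """Extract major.minor.patch from a bare version or a status line."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no FortiOS version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def assess(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    version = parse_fortios_version(text)
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "unknown"          # branch not covered by the quoted fix list
    return "fixed" if version >= fixed else "vulnerable"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by status so the vulnerable set can be patched first."""
    result: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        result[assess(version)].append(host)
    return result


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "fw-edge-1": "Version: FortiGate-100F v7.0.11,build0489,230426 (GA.F)",
    "fw-edge-2": "7.0.12",
    "fw-dc-1": "6.4.12",
    "fw-lab": "7.4.0",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A "vulnerable" result only means the firmware is below the quoted fix; whether the SSL VPN interface is actually reachable from the internet, which is the exposure the item describes, still has to be confirmed separately for each device.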

  • WordPress sites using the Ultimate Member plugin are under attack

"Hackers are actively exploiting a critical unpatched WordPress Plugin flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), to create secret admin accounts.
Ultimate Member is a popular user profile and membership plugin for WordPress; it allows admins to create advanced online communities and membership sites. Ultimate Member allows creating almost any type of site where users can join and become members with absolute ease.
The plugin has more than 200,000 active installations at this time."

Link

TLP1 : Green
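Since the attacks described in the Ultimate Member item above end in a rogue administrator account, the first thing to audit on an affected site is which accounts hold the administrator role and when they were registered. The script below is an added example (not code from the page or from the plugin): it builds an in-memory SQLite copy of the two WordPress tables the check needs, `wp_users` and `wp_usermeta`, with constructed rows, and runs the same join a practitioner would run against the site's MySQL database. It assumes the default `wp_` table prefix, which also sets the `wp_capabilities` meta key name.

```python
"""List WordPress administrator accounts registered after a given date.

Added example, not code from the page or from Ultimate Member. Roles are
stored in wp_usermeta.meta_value as a PHP-serialized array, e.g.
a:1:{s:13:"administrator";b:1;}, so the role filter is done in Python
after the join rather than with a fragile SQL LIKE.
"""
import re
import sqlite3

# Pulls out every role name whose flag is true from the serialized array.
_ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def roles_from_capabilities(serialized: str) -> set[str]:
    """Return the set of roles granted in a wp_capabilities value."""
    return set(_ROLE_RE.findall(serialized))


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for a WordPress database (default wp_ prefix)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE wp_users (
            ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT,
            user_registered TEXT);
        CREATE TABLE wp_usermeta (
            umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
            meta_key TEXT, meta_value TEXT);
        """
    )
    # Made-up accounts: a long-standing owner, an editor, and a recent admin
    # that nobody on the team created.
    users = [
        (1, "siteowner", "owner@example.test", "2021-03-02 10:15:00"),
        (2, "editor1", "editor@example.test", "2022-08-19 08:00:00"),
        (3, "wpupdate", "x@mail.invalid", "2023-06-29 03:41:12"),
    ]
    meta = [
        (1, 1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, 2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
        (3, 3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ]
    conn.executemany("INSERT INTO wp_users VALUES (?,?,?,?)", users)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?,?,?,?)", meta)
    return conn


def find_admins(conn: sqlite3.Connection, registered_since: str) -> list[tuple[str, str]]:
    """Return (login, registered) for administrators registered on/after the cutoff.

    The cutoff uses the same 'YYYY-MM-DD HH:MM:SS' format WordPress stores,
    so a plain string comparison is correct.
    """
    rows = conn.execute(
        """
        SELECT u.user_login, u.user_registered, m.meta_value
        FROM wp_users u
        JOIN wp_usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = 'wp_capabilities'
          AND u.user_registered >= ?
        ORDER BY u.user_registered
        """,
        (registered_since,),
    ).fetchall()
    return [(login, reg) for login, reg, caps in rows
            if "administrator" in roles_from_capabilities(caps)]


if __name__ == "__main__":
    db = build_sample_db()
    for login, registered in find_admins(db, "2023-06-01 00:00:00"):
        print(f"administrator {login!r} registered {registered}")
```

Any administrator the team does not recognise should be treated as a compromise indicator, not just deleted: the account may have been used to install further backdoors, so review plugins, themes and scheduled tasks created around the same timestamp.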

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage

"In today's fast-paced digital landscape, the widespread adoption of AI (Artificial Intelligence) tools is transforming the way organizations operate. From chatbots to generative AI models, these SaaS-based applications offer numerous benefits, from enhanced productivity to improved decision-making. Employees using AI tools experience the advantages of quick answers and accurate results, enabling them to perform their jobs more effectively and efficiently. This popularity is reflected in the staggering numbers associated with AI tools."

Link

TLP1 : Green

  • CISA BOD 23-01: What Agencies Need to Know About Compliance

"By April, all federal agencies were required to begin complying with a new mandate from the US Cybersecurity and Infrastructure Security Agency (CISA) to "make measurable progress toward enhancing visibility into agency IT assets and associated vulnerabilities." In plain language, this means they must get better at monitoring their assets and evaluating their security vulnerabilities.
While complying with Binding Operational Directive 23-01 (BOD 23-01) won't on its own make agencies secure, it does provide a good foundation for identifying risks and building better security programs. Ultimately, federal IT directors will need to go beyond the letter of these BOD requirements and think about how they can use these new capabilities to improve their network operations and security processes."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Twitter's bot spam keeps getting worse — it's about porn this time

"Forget crypto spam accounts, Twitter's got another problem which involves bots and accounts promoting adult content and infiltrating Direct Messages and interactions on the platform. And there doesn't seem to be an easy solution in sight.
While the problem has existed for a while, the uptick in porn bots is ironic, given Elon Musk's promising claims of tackling bots and fake accounts on Twitter, after his acquisition of the platform."

Link

TLP1 : Green

  • Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware

"Researchers from the Elastic Security Labs have spotted a new variant of the RustBucket Apple macOS malware.
In April, the security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket.
The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group.
The RustBucket malware allows operators to download and execute various payloads. The attribution to the BlueNoroff APT is due to the similarities in the findings that emerged from Kaspersky’s analysis published in December 2022. The similarities include malicious tooling on macOS that closely aligns with TTPs of those employed in the campaign."

Link

TLP1 : Green

  • BlackCat ransomware pushes Cobalt Strike via WinSCP search ads

"The BlackCat ransomware group (aka ALPHV) is running malvertizing campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers.
WinSCP (Windows Secure Copy) is a popular free and open-source SFTP, FTP, S3, SCP client, and file manager with SSH file transfer capabilities with 400,000 weekly downloads on SourceForge alone.
BlackCat is using the program as a lure to potentially infect the computers of system administrators, web admins, and IT professionals for initial access to valuable corporate networks.
This previously unknown ALPHV ransomware infection vector was discovered by analysts at Trend Micro, who spotted ad campaigns promoting the fake pages on both Google and Bing search pages."

Link

TLP1 : Green

  • Snappy: A tool to detect rogue WiFi access points on open networks

"Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempt to steal data from unsuspecting people.
Attackers can create fake access points in supermarkets, coffee shops, and malls that impersonate real ones already established at the location. This is done to trick users into connecting to the rogue access points and relay sensitive data through the attackers' devices.
As the threat actors control the router, they can capture and analyze the transferred data by performing man-in-the-middle attacks.
Trustwave's security researcher and wireless/RF tech enthusiast Tom Neaves explains that spoofing the MAC addresses and SSIDs of legitimate access points on open networks is trivial for determined attackers."

Link

TLP1 : Green

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.


[1] https://www.first.org/tlp