InfoSec News 20230707
Top News
- Apps with 1.5M installs on Google Play send your data to China
"Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what's needed to offer the promised functionality.
The apps, both from the same publisher, can launch without any interaction from the user to steal sensitive data and send it to servers in China.
Despite being reported to Google, the two apps continue to be available in Google Play at the time of publishing."
TLP [1]: Green
- Microsoft investigates Outlook.com bug breaking email search
"Microsoft is investigating an ongoing issue preventing Outlook.com users from searching their emails and triggering 401 exception errors.
When searching, users see an error saying, "Sorry, something went wrong. Please try again later."
"Our initial review of Outlook.com server logs, in parallel with HTTP Archive format (HAR) logs captured during an internal reproduction of impact, indicates 401 errors are occurring due to an exception when users attempt to perform the search," Microsoft says on the service health portal.
"We're continuing to investigate to confirm the source generating these exception errors and determine methods to remediate impact.""
TLP [1]: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- CISA and FBI warn of Truebot infecting US and Canada based organizations
"A new variant of the Truebot malware was used in attacks against organizations in the United States and Canada. Threat actors compromised target networks by exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software tracked as CVE-2022-31199."
TLP [1]: Green
Breaches: Data Breaches and Hacks
- Nickelodeon investigates breach after leak of 'decades old' data
"Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate but some of it appears to be decades old.
Nickelodeon is a Paramount-owned American pay TV channel that produces and airs content aimed at children and family audiences.
At the end of June, a rumor emerged about a major leak from Nickelodeon's animation department. Proof of the alleged data leak started circulating on social media, showing an extensive collection of reportedly 500GB in documents and media files."
TLP [1]: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Now's the Time for a Pragmatic Approach to New Technology Adoption
"To say there’s been a lot of hype around AI lately would be an understatement. We’ve all seen headlines touting how AI could change the future of work – even the entire course of history. And we shouldn’t be surprised to see AI live up to its billing, eventually. But for AI to have a positive impact on organizations more quickly than any technology innovation to date, we need to learn from the past.
For those of us who have been in technology for a while, particularly as it applies to enterprise environments, let’s remember that “technology for technology’s sake” is merely interesting. It becomes meaningful and, yes, even life-changing when it is approached pragmatically and used to solve specific problems."
TLP [1]: Green
- Close Security Gaps with Continuous Threat Exposure Management
"CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets.
As advanced threat actors constantly search for easily exploitable vulnerabilities around the clock, CISOs are in pursuit of improved methods to reduce threat exposures and safeguard their assets, users, and data from relentless cyber-attacks and the severe consequences of breaches."
TLP [1]: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- The growth of commercial spyware based intelligence providers without legal or ethical supervision
"Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat initially came to light with the leaks of HackingTeam back in 2015, but gained new notoriety with public reporting on the NSO Group, and, in the years that have followed, the landscape has exploded.
There are now numerous companies with similar offerings, like Intellexa, DSIRF, Variston IT, and the newly disclosed Quadream representing just a small subset — there are likely more that are operating covertly today."
TLP [1]: Green
- The AI Dividend
"For four decades, Alaskans have opened their mailboxes to find checks waiting for them, their cut of the black gold beneath their feet. This is Alaska’s Permanent Fund, funded by the state’s oil revenues and paid to every Alaskan each year. We’re now in a different sort of resource rush, with companies peddling bits instead of oil: generative AI.
Everyone is talking about these new AI technologies—like ChatGPT—and AI companies are touting their awesome power. But they aren’t talking about how that power comes from all of us. Without all of our writings and photos that AI companies are using to train their models, they would have nothing to sell. Big Tech companies are currently taking the work of the American people, without our knowledge and consent, without licensing it, and are pocketing the proceeds.
You are owed profits for your data that powers today’s AI, and we have a way to make that happen. We call it the AI Dividend."
TLP [1]: Green
- BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
"Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify.
Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature.
The findings indicate that hackers can complete the entire attack process, from gaining initial access to causing significant damage, in just five days. They waste no time infiltrating systems, encrypting important data, and demanding a ransom to release it."
TLP [1]: Green
- Google Searches for 'USPS Package Tracking' Lead to Banking Theft
"Threat actors are impersonating the United States Post Office (USPS) in a legitimate-looking malvertising campaign that diverts victims to a phishing site to steal payment-card and banking credentials, researchers have found.
A malicious ad appears on Google searches for both mobile and desktop users looking to track packages via the USPS website, Jérôme Segura, director of threat intelligence at Malwarebytes Labs, revealed in a blog post published July 5."
TLP [1]: Green
[1] Traffic Light Protocol (TLP) for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.