Top News

• WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

"Meta-owned WhatsApp is officially rolling out a new privacy feature in its messaging service called "Protect IP Address in Calls" that masks users' IP addresses to other parties by relaying the calls through its servers."

Link

TLP¹ : Green

• Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

"A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems."

Link

TLP¹ : Green

• Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

"Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Experts Expose Farnetwork's Ransomware-as-a-Service Business Model

"Cybersecurity researchers have unmasked a prolific threat actor known as farnetwork, who has been linked to five different ransomware-as-a-service (RaaS) programs over the past four years in various capacities."

Link

TLP¹ : Green

• Cambridge man blackmailed women with explicit photos after hacking accounts

"A man from Cambridge who hacked into women's private accounts and threatened to share their photos has been jailed. Sean Mokler, 30, searched online forums where people share leaked login details from platforms including OnlyFans, Snapchat and other platforms, even private iCloud accounts."

Link

TLP¹ : Green

• Warning to developing countries over Chinese hacking

"China’s powerful spy agency has successfully penetrated the computer networks of 24 Cambodian government agencies, in a lesson to developing countries in the Indo-Pacific that getting closer to Beijing doesn’t make them immune from cyberattacks."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• Marina Bay Sands Discloses Data Breach Impacting 665k Customers

"The incident affects Marina Bay Sands’ shopping loyalty program members. There is no indication to date that the Sands Rewards Club casino rewards program was impacted as well."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• Apple’s Find My Network Leaks Your Passwords & Windows Drivers Filled with Security Holes

"Apple’s ‘Find My’ network, a beacon of hope for locating misplaced or stolen Apple devices, has now been revealed as a potential conduit for cyber malfeasance."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• Guide: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks

"The solution, though, is not to stop the use of generative AI. Some may try that approach, but it is destined to fail. MSPs, MSSP and vCISOs should be proactive in bringing these security concerns to the attention of their clients. That's what they expect from a true partner."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• Elevationstation - Elevate To SYSTEM Any Way We Can! Metasploit And PSEXEC Getsystem Alternative

"Stealing and Duplicating SYSTEM tokens for fun & profit! We duplicate things, make twin copies, and then ride away.

You have used Metasploit's getsystem and SysInternals PSEXEC for getting system privs, correct? Well, here's a similar standalone version of that...but without the AV issues...at least for now"

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp