Microsoft cloud services are scanning for malware by peeking inside users’ zip files, even when they’re protected by a password, several users reported on Mastodon on Monday.
https://infosec.exchange/@threatresearch/110373860063222707
“If you mail yourself something and type something like 'ZIP password is Soph0s', ZIP up EICAR and ZIP password it with Soph0s, it'll find (the) password, extract and find (and feed MS detection).”
SimpleX Chat v5.0 is released
https://mastodon.social/@simplex/110243900932768010
What's new in v5.0:
send videos and files up to 1gb
app passcode independent from system authentication
networking improvements
Also, we added Polish interface language, thanks to the users' community and Weblate.
https://simplex.chat/blog/20230422-simplex-chat-vision-funding-v5-videos-files-passcode.html
Representatives of four of the five Five Eyes nations outlined the growing threat ransomware poses and approaches to thwart it
https://www.infosecurity-magazine.com/news/ransomware-threat-five-eyes/
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel.
Cybersecurity firm Check Point is tracking the activity cluster under its mythical-creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt Illusion, ITG18, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda.
EDUCATED MANTICORE – IRAN ALIGNED THREAT ACTOR TARGETING ISRAEL
Google Authenticator now syncs with your Google account for easy access across devices
In a security blog post, the company stated it is rolling out an update for the Authenticator app so users can sync those passwords with their Google accounts on Android and iOS.
https://security.googleblog.com/2023/04/google-authenticator-now-supports.html
Yellow Pages Group, a Canadian directory publisher, has confirmed to BleepingComputer that it has been hit by a cyber attack.
The Black Basta ransomware and extortion gang claims responsibility for the attack and posted sensitive documents and data over the weekend.
In its threat analysis report, Citizen Lab revealed that NSO Group began exploiting new zero-day vulnerabilities in iOS. Notably, Lockdown Mode thwarted at least two of those serious vulnerabilities, even though the bad actors may have eventually found their way around the shield with new flaws.
https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/
If you haven't patched Microsoft Process Explorer, prepare to get pwned
(report)
https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
AuKill hit the scene in the wake of a rash of cases reported by a number of cybersecurity vendors – not only Sophos, but also SentinelOne, Microsoft, and Google's Mandiant – where multiple attackers created malicious drivers and then duped Microsoft into signing them to give them the veneer of legitimacy.
https://theregister.com/feed/www.theregister.com/2023/04/24/microsoft_driver_aukill_ransomware/
Proton, the company behind Proton Mail, has announced the launch of a new password manager: Proton Pass. While the service will eventually become free for everyone to use, it’s currently only available as a beta to Proton’s Lifetime and Visionary users for now.
While many other password managers only encrypt the password field, Proton Pass uses end-to-end encryption on all fields (including the username, web address, and more).
Every time we surf the web, we inevitably give up some of our privacy (most, if not all, of that data ends up with a data broker).
If you’re wondering how to remove yourself from data broker sites but don’t know where to start, this guide offers an introduction.
Removing your information from a data broker involves identifying the institution storing your data and following its protocol for deleting that information.
https://privacy.com//blog/how-to-remove-yourself-from-data-broker-sites
Mint Sandstorm is the new name for the Phosphorus hacking group, believed to work for the Iranian government and linked to the Islamic Revolutionary Guard Corps (IRGC).
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
wait....wut....oh i read that correctly
New: we went into the wild underground world of car thieves who use tech hidden inside old Nokia phones and Bluetooth speakers. Lets them steal luxury cars without the key in seconds. Walk up, plug in, open door, start engine, go. Happening across U.S.
It was only a matter of time before a popular password manager, such as Bitwarden, would create a secrets manager, an application to create and store security tokens so they don’t have to be hard-coded into the application itself. It makes sense, especially given that Bitwarden is open source and the folks behind it seem to understand the growing need for managing secrets in cloud-native and container technology.
Walkthrough: Bitwarden’s New Secrets Manager
https://thenewstack.io/walkthrough-bitwardens-new-secrets-manager/
The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes.
The underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies?
Discover how to pierce the veil of darkness and illuminate the path to a more secure cyber landscape in our exclusive, high-impact webinar.
Google has published an urgent Chrome security upgrade.
Users on the Stable Desktop channel are receiving the updated version, which will gradually become available to all users in the coming days or weeks.
Users of Chrome should update as soon as possible to version 112.0.5615.121, since it fixes the CVE-2023-2033 vulnerability on Windows, Mac, and Linux platforms.
Lantern anonymizes your data in transit, and the brand notes that it flushes server logs every day and doesn't store any user data.
Lantern is available for Android, iOS, Windows, Mac, and Linux, and you can also download the installers via its GitHub page.
fedex 🤔 been getting these for over a week+ now
seems whoever is behind the FedEx phishing got annoyed the emails were landing in my spam folder so decided to try a different approach
i mean, talk about being pushy fuckers 😂 really it kinda worked, it bypassed my spam filters and landed in my inbox, important msgs, so, 4 out of 10 nice try
Microsoft Threat Intelligence experts say a threat group is associated with “QuaDream,” an Israel-based private sector offensive actor (PSOA).
It employed a zero-click exploit called END OF DAYS to compromise the iPhones of high-risk individuals.
Reports say QuaDream sells a platform called REIGN to governments for use in law enforcement. REIGN is a collection of malware, exploits, and infrastructure explicitly made to exfiltrate data from mobile devices.
Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.
The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish.
https://insight-jp.nttsecurity.com/post/102ic6o/webgoogle-chrome
Threat actors can purchase a Google Play developer account – either hacked or newly created by the sellers – for anywhere between $60 and $200, depending on the number of already published apps and download counts.
Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses.
https://thehackernews.com/2023/04/cybercriminals-turn-to-android-loaders.html
E = Mc2 - Energy Milk Coffee
Fáilte Abhaile 🏴 “a nod’s as guid as a wink tae a blind horse”
ta be aff yer heid helps