🤦‍♂️
The Electoral Commission has confirmed it failed a basic cyber-security test around the same time hackers gained entry to the organisation.
A whistleblower told the BBC that the Commission was given an automatic fail during a Cyber Essentials audit.
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.
The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.
Equipment manufacturers commonly employ uncomplicated passwords like "admin" or "password" for all their shipped devices, with the assumption that users will modify these passwords during the initial configuration process.
always change that default password ALWAYS on everything that has one
Some customers of LogicMonitor, a network security firm, have been compromised by hacking attacks due to their use of default passwords.
https://www.cysecurity.news/2023/09/default-passwords-lead-to-hacking.html
Prompt injection refers to a technique where users input specific prompts or instructions to influence the responses generated by a language model like ChatGPT.
Threat actors mainly use this technique to mod the ChatGPT instances for several malicious purposes.
https://gbhackers.com/hackers-compromised-chatgpt-model/
An independent security researcher recently developed and launched a new tool “promptmap” that will enable users to test the prompt injection attacks on ChatGPT instances.
A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens.
The group uses iMessage to send package-tracking text scams, aiming to collect personally identifying information (PII) and payment credentials for identity theft and credit card fraud.
https://www.infosecurity-magazine.com/news/smishing-triad-china-fraud-network/
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs.
How Cybercriminals Abuse #Airbnb For Fraudulent Activities
Among the methods employed by cyber-criminals to gain unauthorized access to user accounts, session cookies play a significant role.
Cyber-criminals purchase stolen Airbnb account cookies from underground forums, granting them unauthorized entry without needing valid usernames and passwords. Though short-lived, these stolen access windows are swiftly exploited by attackers.
https://slashnext.com/blog/how-cybercriminals-abuse-airbnb-for-fraudulent-activities/
Five Eyes agencies have issued a joint report on the malware used recently by Russian state-sponsored hackers to target Android devices belonging to the Ukrainian military.
The new malware, named Infamous Chisel, is actually a collection of components designed to provide persistent backdoor access to compromised Android devices over the Tor network, and enable the attackers to collect and exfiltrate data.
Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant.
And, the Google-owned team warned, it's not over yet.
Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks
https://www.theregister.com/2023/08/30/mandiant_barracuda_esg_bug/
Hackers Can Silently Grab Your IP Through Skype.
(by simply sending a link over the Skype mobile app)
Microsoft Is In No Rush to Fix It
https://www.404media.co/hackers-find-your-skype-ip-address-microsoft-wont-fix
VULNERABILITY:
Firefox only stores up to 1024 HSTS entries.
When the limit is reached, Firefox discards entries based on their age and recent visits to the domain in question.
Researchers at cybersecurity company Deep Instinct developed three new attacks to elevate privileges on a Windows machine without leaving too much evidence and without being detected by numerous security products.
We are excited to let you know that we have updated the hashing function in Tutanota to Argon2 - the most secure algorithm. This is the first step on our road of becoming a post-quantum secure email provider as this hashing function can generate much larger encryption keys used to secure your Tutanota emails, calendars and contacts.
Data Breach
Duolingo
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum.
Update now! WinRAR files can be abused to run malware
Users should install the latest version (WinRAR 6.23 or later) at their earliest convenience.
The update release notification states that another vulnerability was fixed, described as:
“WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive.”
Security News This Week:
US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack
#CyberCrime #CoSoSec #CyberSecurity
Plus: New research reveals the strategies hackers use to hide their malware distribution system, and companies are rushing to release mitigations for the “Downfall” processor vulnerability on Intel chips.
An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts.
In many of the examples we saw the new email address was linked to the Russian “rambler.ru” service. This does not necessarily mean the attack is originating from Russia.
cont.....
An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation codenamed 'Africa Cyber Surge II,' launched in April 2023.
The four-month operation spanned 25 African countries and disrupted over 20,000 cybercrime networks engaged in extortion, phishing, BEC, and online scams, responsible for financial losses of over $40,000,000.
Unless properly configured, most browsers contain lots of private information that can be exploited – or simply collected – by various third parties:
“private” or “incognito” browsing will not protect you
12 Secure Browsers That Protect Your Privacy in 2023
Quit MS Outlook - Now You've Got More Reason Than Ever
No other email service compares to the level of security of Tutanota email clients
security vulnerabilities discovered in Outlook and other Microsoft tools - and these are only part of a long line of security issues reported about MS Outlook.