"SSH is a vital tool for the safe operation of a networked world – anything that undermines it is really bad news"
In discovering malicious code that endangered global networks in open-source software, Andres Freund exposed our reliance on insecure, volunteer-maintained tech
One engineer’s curiosity may have saved us from a devastating cyber-attack
Google Public DNS’s approach to fight against cache poisoning attacks
http://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
Hackers have successfully manipulated a default plugin within the Notepad++ package, potentially compromising the security of countless systems.
The plugin in question, “mimeTools.dll,” is a standard component of Notepad++ that provides encoding functionalities
https://asec.ahnlab.com/ko/63738/
ASEC has provided the following indicators of compromise (IoCs) for users to check their systems:
ICYMI
posted about this a while back
Detect when your installed Chrome extensions have changed owners.
https://github.com/classvsoftware/under-new-management
Intermittently checks your installed extensions to see if the developer information listed on the Chrome Web Store has changed. If anything is different, the extension icon will display a red badge, alerting you to the change.
more here:
Because Facebook collects data even when you’re logged off, you should be aware of what information is getting tracked. Facebook uses tracking cookies that are stored on your computer or mobile device. These cookies are files that contain logged information about your online activity.
How To Stop Facebook From Tracking You [2024 Guide]
https://allaboutcookies.org/how-to-turn-off-facebook-tracking
Free VPN Apps on Google Play Turn Phones into Proxies
Several free Android VPN apps have been found to support a malicious residential proxy operation named ‘Proxylib.’
https://restoreprivacy.com/free-vpn-apps-on-google-play-turn-phones-into-proxies/
Some of us would be happy being rated 7.5 out of 10, just sayin'
Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue
'Mass surveillance' fears over law change plans in UK
The UK tech industry has deep concerns over government plans to amend a law dubbed a "snooper's charter".
Ministers insist their changes to the Investigatory Powers Act are intended to keep UK citizens safe.
But, in a statement, trade body techUK said the changes were neither balanced nor proportionate.
German authorities took down the Nemesis Market, a major online marketplace for drugs, cybercrime services and stolen credit card data.
Investigators seized the Nemesis Market platform’s server infrastructure in Germany and Lithuania on Wednesday
Press release from the Frankfurt am Main Public Prosecutor's Office - ZIT - and the Federal Criminal Police Office
A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs.
https://threadreaderapp.com/thread/1769726024600768959.html
AcidRain and AcidPour have a similar reboot mechanism.
https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
More here:
https://www.infosecurity-magazine.com/news/acidpour-wiper-linux-ukraine/
The International Monetary Fund (IMF) recently detected a cybersecurity incident that involved nearly a dozen email accounts getting hacked.
In a statement issued last week, the United Nations financial institution said it detected the security breach on February 16, 2024.
https://www.imf.org/en/News/Articles/2024/03/15/pr2488-imf-investigates-cyber-security-incident
The IMF told Reuters that the list of hacked accounts did not include the ones of Managing Director Kristalina Georgieva or other top officials.
New research has shed light on the profound impact of ransomware attacks on the IT and construction sectors; these industries bore the brunt of nearly half of all incidents in 23.
https://www.ontinue.com/resource/deep-dive-into-new-2023-threat-intelligence-report/
The report forecasts continued challenges in 2024, with artificial intelligence (AI) exploitation, IoT vulnerabilities and evolving ransomware operations expected to remain key concerns. The rise of hacktivism and the proliferation of hack-for-hire services sound additional alarm bells.
A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT.
Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu.
The starting point is a Salary-themed phishing email that purports to be from the accounting department and urges recipients to open the attached Microsoft Word document to view the "monthly salary report."
BTW, ProtonVPN free version now won't let you pick what server you want or country; it auto-picks the nearest country from the free countries available and the nearest server inside that country.
Bummer, before you could pick between Japan, Netherlands, Poland, Romania or the US, and all had more than ten servers one in different regions in each country.
Guess the free version was getting too popular.
Google has an interesting game you can play called odd one out, where you're presented with 4 images, one of which is AI generated.
It's scary how hard it is to get right
https://artsandculture.google.com/experiment/odd-one-out/wAHNn4JsVTFOiw
eSIM Vulnerabilities: SIM Swappers Exploit Flaws, Hijack Phone Numbers
According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM (Embedded Subscriber Identity Modules) users.
https://www.cysecurity.news/2024/03/esim-vulnerabilities-sim-swappers.html
ICYMI
Sim-swap fraud: How your bank account can be emptied ...
https://www.theguardian.com/money/2024/feb/19/sim-swap-how-your-bank-account-can-be-emptied-by-phone
New acoustic attack determines keystrokes from typing patterns
Researchers Alireza Taheritajar and Reza Rahaeimehr from Augusta University in the U.S. have published a technical paper presenting the details of their unique acoustic side-channel method.
AT&T says leaked data of 70 million people is not from its systems. The #DataBreach is from 2021; AT&T said back then it wasn't real when someone tried selling the data. Now someone else is selling the same data, and they have decrypted some of it.
BleepingComputer reviewed the data, and while we cannot confirm that all 73 million lines are accurate, we verified some of the data contains correct information, including social security numbers, addresses, dates of birth, and phone numbers
Diogo Santos Coelho from Portugal faces a 52-year sentence for alleged cybercrime relating to RaidForums site
Vulnerable man pleads with UK government to block extradition to US
He states he is vulnerable, has autism, and was groomed as a child to run RaidForums