Posts

Showing posts from August, 2022

Top stories

Exploits and TrickBot disrupt manufacturing operations via Malwarebytes Labs

Introducing Patch Management for OneView via Malwarebytes Labs

Twitter security under scrutiny after former executive turns whistleblower via Malwarebytes Labs

Update now! GitLab issues critical security release for RCE vulnerability GitLab has released versions 15.3.1, 15.2.3, 15.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and it’s recommended that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab GitLab and GitHub are open-source code repository platforms allowing anyone to collaborate on projects. GitLab focuses on providing tools for teams working on software development projects (repositories), while GitHub focuses more on managing the workflow of individual developers and organizations. The name GitLab was chosen because it combines GitHub and Lighthouse (the company that develops the source code management system). GitLab has millions of users worldwide. Since no specific deployment type (omnibus, source code, helm chart, etc.) is mentioned in the release, this means all ty...

Binance chief says a “sophisticated hacking team” turned him into a deepfake hologram Deepfakes are back, and causing major problems for people involved in financial circles. Scammers have been targeting people in the cryptocurrency community for some time now. There’s huge money to be made via the act of ripping folks off. Some of it is phishing, other attacks focus on breaking into currency exchanges. A few of these have dabbled in (very poorly done) Elon Musk deepfakes. The clips are bad, the voice an overt mashup of clipped and broken dialogue. All in all: not very convincing. Well, scammers are back for another go. Behold the Deepfake hologram In this case, it's a deepfake hologram impersonating Patrick Hillmann, Chief Communications Officer (CCO) at Binance. Hillmann states that a “sophisticated hacking team” raided the old footage archives. News interviews, TV appearances, anything that they could get their hands on. The aim of the game? To use this footage and creat...

How to check the Privacy Report for website tracking in Safari Jack Wallen shows you how to view the Safari Privacy Report so you can see just how prevalent trackers are on the sites you visit. via Latest stories for ZDNET in Security

How 'Kimsuky' hackers ensure their malware only reach valid targets The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not on the systems of security researchers. [...] via BleepingComputer (author: Bill Toulas)

LastPass developer systems hacked to steal source code Password management firm LastPass was hacked last week, allowing threat actors to steal the company's source code and proprietary technical information. [...] via BleepingComputer (author: Lawrence Abrams)

How to secure a Mac for your kids via Malwarebytes Labs

Reset your password now! Plex suffers data breach via Malwarebytes Labs

6 reasons MSPs need a patch management platform via Malwarebytes Labs

ChromeOS vulnerability found by Microsoft Microsoft recently released a report about a ChromeOS remote memory corruption vulnerability. The issue has already been fixed. In fact, it was reported to Google in April. The fix was applied shortly after, and released on June 15. The resulting deep-dive from Microsoft is a fascinating look at how one technology giant addresses another’s bugs and issues. A critical issue The problem, known as CVE-2022-2587 on the Common Vulnerabilities and Exposures (CVE) list, caused big headaches for Chrome. It also racked up a Common Vulnerability Score (CVSS) of 9.8, which results in it being tagged as “Critical”. As per the description: Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata. This is a memory corruption vulnerability in a ChromeOS component. As per the Microsoft report, it can be triggered ...

Windows Terminal is now the default terminal in Windows 11 dev builds Microsoft has finally made Windows Terminal the default terminal in Windows 11 Insider 'Dev' preview builds, bringing a new modern interface for all your command-line programs. [...] via BleepingComputer (author: Lawrence Abrams)

Quantum ransomware attack disrupts govt agency in Dominican Republic The Dominican Republic's Instituto Agrario Dominicano has suffered a Quantum ransomware attack that encrypted multiple services and workstations throughout the government agency. [...] via BleepingComputer (author: Lawrence Abrams)

Chrome 'Internet Download Manager' adware has 200,000 installs Google Chrome extension 'Internet Download Manager' installed by more than 200,000 users is adware. The extension has been sitting on the Chrome Web Store since at least June 2019, according to the earliest reviews posted by users. [...] via BleepingComputer (author: Ax Sharma)

Pirated 3DMark benchmark tool delivering info-stealer malware Cybersecurity researchers have discovered multiple ongoing malware distribution campaigns that target internet users who seek to download copies of pirated software. [...] via BleepingComputer (author: Bill Toulas)

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Google flags man as sex abuser after he sends photos of child to doctor via Malwarebytes Labs

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover In September 2021 we told you about insecure Hikvision security cameras that were ready to be taken over remotely. However, according to a whitepaper published by CYFIRMA, tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update, and are therefore vulnerable to exploitation. The vulnerability According to the researcher that reported it last year, the vulnerability has existed at least since 2016. All an attacker needs is access to the http(s) server port (typically 80/443). No username or password is needed, nor are any actions needed from the camera owner, and the attack is not detectable by any logging on the camera itself. A cybercriminal could exploit the vulnerability to launch a command injection attack by sending some messages with specially crafted commands. The patch The flaw is tracked as CVE-2021-36260 and was address...

VMware Carbon Black causing BSOD crashes on Windows Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware's Carbon Black endpoint security solution. [...] via BleepingComputer (author: Ionut Ilascu)

Criminals socially engineer their way to bank details with fake arrest warrants via Malwarebytes Labs

Cryptojackers growing in numbers and sophistication via Malwarebytes Labs

CISA wants you to patch these actively exploited vulnerabilities before September 8 On Thursday, CISA (the US Cybersecurity and Infrastructure Security Agency) updated its catalog of actively exploited vulnerabilities by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch the weaknesses by September 8, 2022. CVE-2022-22536, an SAP flaw with the highest risk score of 10, is one of the seven. We wrote about it in February, and thankfully, SAP addressed the issue fairly quickly, too, by issuing a patch. CISA even mentioned that if customers fail to patch CVE-2022-22536, they could be exposed to ransomware attacks, data theft, financial fraud, and other business disruptions that'd cost them millions. CVE-2022-32893 and CVE-2022-32894, the two zero-day, out-of-bounds write vulnerabilities affecting iOS, iPadOS, and macOS, continue to headline as of this writing. These ar...

Reddit users crowdsourcing explicit images and identities The BBC is warned of a large photograph trading ring which operated on popular group forum site Reddit. These warnings are in relation to stolen nude photographs and other content shared without permission. In this case, even non-explicit photos are being posted alongside frequently degrading and inappropriate comments. Some of them even tip into potential threats and harassment. What is going on here? Non-consensual image theft on a grand scale We’ve previously highlighted regular images stolen and used as bait to lure people to pornography sites. On this occasion, the reporter was tipped off after a contact found their own photograph posted to the subreddit (which is a topic-specific forum on Reddit) in question alongside various derogatory comments. The BBC reporter quickly discovered a large ring of individuals not only “sharing, trading, and selling explicit images,” but also teaming up to figure out where th...

A week in security (August 15 - August 21) Last week on Malwarebytes Labs: ● Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17 ● Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories ● JSSLoader: the shellcode edition ● CISA and FBI issue alert about Zeppelin ransomware ● How to secure a Windows PC for your kids ● Ransomwater confusion, does the criminal know who the victim is? ● Update Chrome now! Google issues patch for zero-day spotted in the wild ● Nearly 2,000 Signal users affected by Twilio phishing attack ● $6 million heist targets video game skin trading site ● Urgent update for macOS and iOS! Two actively exploited zero-days fixed ● Bad rhythm: Janet Jackson song resonates poorly with some old hard drives ● How IT teams can prevent phishing attacks with Malwarebytes DNS filtering ● Attackers waited until holidays to hit US government ● Business Services industry targeted ...

CISA is warning of high-severity PAN-OS DDoS flaw used in attacks A recent vulnerability found in Palo Alto Networks' PAN-OS has been added to the catalog of Known Exploitable Vulnerabilities from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). [...] via BleepingComputer (author: Ionut Ilascu)

Meet Borat RAT, a New Unique Triple Threat Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen? RAT malware typically helps cybercriminals gain complete control of a victim's system, permitting them to access network resources, files, and power to toggle the mouse and via The Hacker News (author: noreply@blogger.com (The Hacker News))

Microsoft: How we unearthed a critical flaw in ChromeOS, and how Google fixed it Attackers could have remotely exploited this rare ChromeOS flaw by manipulating audio metadata. via Latest stories for ZDNET in Security

Hackers are using this sneaky exploit to bypass Microsoft's multi-factor authentication Attackers guessed the password of a dormant account and were able to apply their own MFA to it - providing access to the victim's network. via Latest stories for ZDNET in Security

RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems (RTLS), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data. "The zero-days found specifically pose a security risk for workers in industrial environments," cybersecurity firm Nozomi Networks disclosed in a technical write-up last week. " via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Critical infrastructure is under attack from hackers. Securing it needs to be a priority - before it's too late A ransomware gang recently infiltrated a water company, and critical infrastructure providers need to take lessons from it to avoid potentially catastrophic consequences. via Latest stories for ZDNET in Security

LockBit claims ransomware attack on security giant Entrust, leaks data The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. [...] via BleepingComputer (author: Lawrence Abrams)

An encrypted ZIP file can have two correct passwords — here's why Password-protected ZIP archives are common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malware (phishing "invoices" in emails). But, did you know it is possible for an encrypted ZIP file to have two correct passwords, with both producing the same outcome on extraction? [...] via BleepingComputer (author: Ax Sharma)

Hackers target hotel and travel companies with fake reservations A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space. [...] via BleepingComputer (author: Bill Toulas)

They both used Apple AirTags to track their possessions. Only one turned out well Many are resorting to AirTags as a way to know where their lost or stolen items are. This doesn't always solve the problem. via Latest stories for ZDNET in Security

Explained: Steganography via Malwarebytes Labs

Spying on the spies. See what JavaScript commands get injected by in-app browsers via Malwarebytes Labs

Tech support scammers target Microsoft users with fake Office 365 USB sticks Microsoft is a hot target for scammers and acts of fraud. For example, tech support scam websites cover themselves in Windows branding and messages. Phone scammers claim to be calling directly from Microsoft. If it’s not a Bill Gates themed lottery spam mail in your mailbox, it’s a fake Excel spreadsheet laden with dangerous Macros. Well, Microsoft is now issuing a warning related to a recent scam riding on the coat-tails of their branding. Criminals are producing very slickly designed physical boxes made to look like Microsoft products. The boxes say “Microsoft Office Professional Plus” on the front, along with “product key inside - no disc” at the bottom. Opening the box reveals a solitary USB stick and a product key. This is about to go as horribly wrong as you'd expect. Why mysterious USB sticks are probably not your friend We’ve warned at length about the dangers of plugging random USB stic...

The Week in Ransomware - August 19th 2022 - Evolving extortion tactics Bringing you the latest ransomware news, including new research, tactics, and cyberattacks. We also saw the return of the BlackByte ransomware operation, who has started to use new extortion tactics. [...] via BleepingComputer (author: Lawrence Abrams)

The 5 best VPN deals right now: August 2022 What is the best VPN deal? Surfshark VPN is ZDNET's top choice because of its low cost relative to its strong performance. We compared these VPNs' prices and value to bring you the best current deals. via Latest stories for ZDNET in Security

Business Services industry targeted across the country for backdoor access via Malwarebytes Labs

Attackers waited until holidays to hit US government via Malwarebytes Labs

JSSLoader: the shellcode edition via Malwarebytes Labs

Bad rhythm: Janet Jackson song resonates poorly with some old hard drives Janet Jackson’s Rhythm Nation music video would have caused quite the commotion back in the old Windows XP days. If you’re still running a certain model of an OEM hard drive from the Windows XP days, you may still be liable to experience the same thing today. However, said commotion was not solely down to the choreography or phenomenal beats. Rhythm Nation by Janet Jackson came with a peculiar quirk. That quirk involved crashing the hopes and dreams of the person watching it, along with their hard drive. Microsoft writer Raymond Chen reveals the somewhat bizarre tale of Janet’s computer stomping abilities in a recent blog post. What was happening here? Back in the olden times, it turns out that specific flavours of hardware running Windows XP did not like Janet busting a move. Some different models of laptop, from competitors of the first brand, would also crash. Even more spectacularly: simply playin...

Urgent update for macOS and iOS! Two actively exploited zero-days fixed Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs you need to know: Kernel privileges CVE-2022-32894: An out-of-bounds write issue was addressed with improved bounds checking. The vulnerability could allow an application to execute arbitrary code with kernel privileges. The kernel privileges are the highest possible privileges, so an attacker could take complete control of a vulnerable system by exploiting this vulnerability. Apple points out that they are aware of a report that this issue may have been actively exploited. WebKit CVE-2022-32893: An out...

LockBit claims ransomware attack on security giant Entrust The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. [...] via BleepingComputer (author: Lawrence Abrams)

Update Chrome now! Google issues patch for zero day spotted in the wild via Malwarebytes Labs

How to secure a Windows PC for your kids via Malwarebytes Labs

Nearly 2,000 Signal users affected by Twilio phishing attack New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. 1,900 of its users had their phone numbers and SMS registration codes exposed. However, Signal reassured users that the attacker could not gain access to "message history, contact lists, profile information, whom they'd blocked, and other personal data" associated with the account. Signal also claims that 1,900 comprises a small percentage of their user base, so a majority of their users were not affected. Nevertheless, they notified affected users this week via SMS and prompted them to re-register Signal on their devices. The company revealed in a security notice that the attacker explicitly searched for three numbers among the 1,900 users affected. One user of the three numbers already reported that their account was re-registered....

Apple security updates fix 2 zero-days used to hack iPhones, Macs Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. [...] via BleepingComputer (author: Lawrence Abrams)

BlackByte ransomware gang is back with new extortion tactics The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. [...] via BleepingComputer (author: Lawrence Abrams)

Windows KB5012170 update causing BitLocker recovery screens, boot issues Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. [...] via BleepingComputer (author: Lawrence Abrams)

CISA and FBI issue alert about Zeppelin ransomware via Malwarebytes Labs

Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories via Malwarebytes Labs

What is Private DNS Mode on Android and how do you enable it? Jack Wallen shows you how to enable Private DNS Mode on Android so your searches and other DNS queries are encrypted and safe from prying eyes. via Latest stories for ZDNet in Security

Exploit out for critical Realtek flaw affecting many networking devices Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC), which are estimated to be in the millions. [...] via BleepingComputer (author: Ionut Ilascu)

Russian hackers target Ukraine with default Word template hijacker Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country. [...] via BleepingComputer (author: Bill Toulas)

Windows KB5012170 Secure Boot DBX update may fail with 0x800f0922 error Users may see a 0x800f0922 error when trying to install security update KB5012170 on the currently supported Windows operating system for consumers and the enterprise-class Server version. [...] via BleepingComputer (author: Ionut Ilascu)

Callback phishing attacks see massive 625% growth since Q1 2021 Phishing is constantly evolving to bypass user training and email protections, and as threat actors adopt new tactics with better success ratios, quarterly stats reflect interesting threat trends on multiple fronts. [...] via BleepingComputer (author: Bill Toulas)

This Android banking malware now also infects your smartphone with ransomware Sova malware adds new features that make it more dangerous to a wider range of Android payment and banking app users. via Latest stories for ZDNet in Security

SOVA Android Banking Trojan Returns With New Capabilities and Targets The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out. That's according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Space Force takes robot patrol dogs for a walk Robot dogs raise important questions about future of autonomous security. via Latest stories for ZDNet in Security

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." "On a closer via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

The 5 best identity theft protection and credit monitoring services of 2022 What is the best identity theft protection and credit monitoring service? Aura has the best features but check out ZDNet's other top picks! via Latest stories for ZDNet in Security

Over 9,000 VNC servers exposed online without a password Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. [...] via BleepingComputer (author: Bill Toulas)

Google fined $60 million over Android location data collection The Australian Competition and Consumer Commission (ACCC) announced that Google was fined $60 million for misleading Australian Android users regarding the collection and use of their location data for almost two years, between January 2017 and December 2018. [...] via BleepingComputer (author: Sergiu Gatlan)

SOVA malware adds ransomware feature to encrypt Android devices The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices. [...] via BleepingComputer (author: Bill Toulas)

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Now it's BlenderBot's turn to make shocking, inappropriate, and untrue remarks via Malwarebytes Labs

Thousands of Zimbra mail servers backdoored in large scale attack Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite (ZCS) email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fix Zimbra is a brand owned by Synacor. Zimbra Collaboration, formerly known as the Zimbra Collaboration Suite (ZCS) is a collaborative software suite that includes an email server and a web client. It is widely used across different industries and government organizations. We reported about a cross-site scripting (XSS) zero-day vulnerability in the Zimbra email platform back in February 2022. At the time, Zimbra claimed there were 200,000 businesses, and over a thousand government and financial institutions, using its software. The initial investigations showed evidence indicating the likely cause of these breaches wa...

The Week in Ransomware - August 12th 2022 - Attacking the defenders It was a very busy week for ransomware news and attacks, especially with the disclosure that Cisco was breached by a threat actor affiliated with the Yanluowang ransomware gang. [...] via BleepingComputer (author: Lawrence Abrams)

Microsoft is showing ads for Microsoft 365 in Office 2021 Microsoft is showing ads for Microsoft 365 Family subscriptions to its Office 2021 customers, offering them discounts of over $28 to get a 3-month Family plan subscription. [...] via BleepingComputer (author: Sergiu Gatlan)

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925 (CVSS score: 7.2) via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Update now! Microsoft fixes two zero-days in August's Patch Tuesday via Malwarebytes Labs

Slack flaw exposed users' hashed passwords Slack, the workplace communication platform, has notified some of its users that their hashed passwords have been subject to exposure for the last five years. The company wasn’t specific in its notice, but Wired said that the flaw was in one of its "low-friction features". The flaw exposed hashed passwords of users when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the company said in a notice. "It affected all users who created or revoked shared invitation links between 17 April 2017 and 17 July 2022." Putting a plaintext password through a hashing algorithm changes it to a cryptographically scrambled or obfuscated version of itself, now called a "ciphertext". It is a unique string of characters with a fixed length. Adding "salt" —essentia...

Microsoft shares workarounds for Outlook crashing after launch Microsoft is investigating customer reports of a known issue causing Outlook for Microsoft 365 to freeze and crash right after opening. [...] via BleepingComputer (author: Sergiu Gatlan)

The 4 best VPN services for iPhone and iPad in 2022 What is the best VPN for iPhone? NordVPN is ZDNet's top pick! We analyzed the number of simultaneous connections, servers, and countries in addition to kill switch functionality, logging, speed, and price below. via Latest stories for ZDNet in Security

US govt will pay you $10 million for info on Conti ransomware members The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time. [...] via BleepingComputer (author: Lawrence Abrams)

Education hammered by exploits and backdoors in 2021 and 2022 via Malwarebytes Labs

Summer of exploitation leads to healthcare under fire via Malwarebytes Labs

Top stories

DHS says to update your Emergency Alert Systems immediately The Department of Homeland Security has issued an advisory after vulnerabilities were found in its Emergency Alert Systems (EAS). EAS technology is designed to fire out warning messages during times of national emergency. It can be used to warn of coastal flooding, earthquakes, child abduction, evacuations, and more, via multiple channels, including TV, SMS, and radio. If people are able to tamper with these systems, they can send false alerts. This is incredibly serious and could cause widespread panic, disruption, even injury or loss of life. The advisory reads as follows: ---------------------- We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network). This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBI...

Top stories

New dark web markets claim association with criminal cartels Several new marketplaces have appeared on the dark web, claiming to be the dedicated online portals for notorious criminal cartels from Mexico. [...] via BleepingComputer (author: Bill Toulas)

Top stories

7-Eleven Denmark confirms ransomware attack behind store closures 7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday. [...] via BleepingComputer (author: Lawrence Abrams)

Top stories

Automotive supplier breached by 3 ransomware gangs in 2 weeks An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over a two-week span in May, two of the attacks happening within just two hours. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

Get Dashlane Premium password manager for 3 mo for $1 It can be hard to keep track of passwords these days. With a special code, you can get a password manager for an unusually great price. via Latest stories for ZDNet in Security

Top stories

Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR via Malwarebytes Labs

Top stories

Twilio breached after social engineering attack on employees Cloud-based communication platform provider Twilio has announced a breach via a social engineering attack on employees. On August 4, 2022, Twilio says it became aware of unauthorized access to information related to a limited number of Twilio customer accounts, through the social engineering attack which was designed to steal employee credentials. Text messages A number of current and former employees received text messages that appeared to come from Twilio’s IT department. The messages said either the recipient's password had expired, or that their schedule had changed, and that they needed to log in. To increase the credibility of the URLs, they contained words including "Twilio," "Okta," and "SSO" (short for single sign-on) to try to trick users into clicking on a link which led to a fake login site. At this site, the attacker could intercept the login credentials and use those to acce...

Top stories

5 cybersecurity tips for students going back to school The new school season is just around the corner. And while you are getting ready to go back to school, now is a good opportunity to check you are doing all you can to stay as safe as possible online. Make sure you are doing these five things: 1. Use multi-factor authentication (MFA) MFA has become a necessary security measure in a world where passwords still rule. It's added security for your school-related accounts—and actually any online accounts you have, including social media. MFA is an additional layer of security, after you enter your username and password. This could be a code generated by an app, a push notification you need to accept, a physical key you plug into your computer, or similar. Use it wherever it is offered to you. Yes, it makes logging in take slightly longer, but it really does make your accounts safer. 2. Use strong passwords By "strong", we mean the best possible password stri...