Author: Admin

Tor users are de-anonymized by law enforcement

The German police have successfully deanonymized at least four Tor users. It turns out that they monitor known Tor relays and known suspects, and use timing analysis to figure out who is using which relay. Tor has written about this. Hacker News thread.

Tags: deanonymization, law enforcement agencies, Tor
Posted on October 29, 2024 at 7:02 am

October 29, 2024Ravi LakshmananDigital Security / Data Privacy The United States Government (USG) has issued new guidelines governing the use of the traffic light protocol (TLP) to process threat intelligence shared between the private sector, individual researchers, and federal departments and agencies. “U.S. General Management maintains a TLP label on cybersecurity information voluntarily shared by individuals, companies, or other organizations unless it is inconsistent with existing law or policy,” it said. said. “We adhere to this label because trust in data processing is a key component of cooperation with our partners.” In using these designations, the idea is to promote…

Read More

October 29, 2024Ravi LakshmananHardware Security / Vulnerability More than six years later Specter security issue impact on today’s CPU processors has been revealed, a new study has shown that the latest AMD and Intel processors are still susceptible to speculative execution attacks. attack opened by ETH Zürich researchers Johannes Wikner and Kave Razavi aims to break down the barrier of an indirect predictor of industries (IBPB) on x86 chips, an important countermeasure against speculative execution attacks. Speculative performance refers to a performance optimization feature however, modern processors execute certain instructions out of order, predicting program branching in advance, thus speeding…

Read More

October 28, 2024Ravi LakshmananMalware / Threat Intelligence Three malicious packages published to the npm registry in September 2024 were found to contain known malware called BeaverTail, a JavaScript downloader, and an information stealer linked to an ongoing campaign in North Korea tracked as Contagious Interview. Datadog Security Research Team monitoring activity under the name Stubborn pungsanwhich is also known by the aliases CL-STA-0240 and Famous Chollima. The names of the malicious packages that are no longer available for download from the package registry are listed below – passports-js, passport backdoor (118 downloads) bcrypts-js, a backdoor copy of bcryptjs (81 downloads)…

Read More

October 28, 2024Ravi LakshmananCyber ​​espionage / Android An alleged Russian hybrid espionage-influence operation was spotted delivering a mixture of Windows and Android malware to target the Ukrainian military called Telegram Civil Defense. Google Threat Analysis Group (TAG) and Mandiant track activity under the name UNC5812. A threat group that runs a Telegram channel called civildefense_com_uawas created on September 10, 2024. At the time of writing, the channel has 184 subscribers. It also supports the website civildefense.com(.)ua, which was registered on April 24, 2024. “Civil Defense claims to be a provider of free software designed to allow potential recruits to view…

Read More

October 28, 2024Ravi LakshmananCloud Security / Cyber ​​Attack A government organization and a religious organization in Taiwan have been targeted by a China-linked threat known as The elusive panda which infected them with a previously undocumented post-compromise toolkit codenamed CloudScout. “The CloudScout toolkit is capable of extracting data from various cloud services using stolen web session cookies,” ESET security researcher An Ho said. “Through the CloudScout plug-in, it works seamlessly with MgBot, Evasive Panda’s proprietary malware framework.” A Slovak cybersecurity company used .NET-based malware that was discovered between May 2022 and February 2023. It includes 10 different modules written in…

Read More

Criminals blow up ATMs in Germany

It's low tech, but effective. Why Germany? It has more ATMs than other European countries, and if I read the article correctly, they have more money.

Tags: ATMs, banking, bombs, theft
Posted on October 28, 2024 at 12:12 pm

October 28, 2024Hacker newsOperational technologies / Cyber ​​security Operational safety technology (OT) has impacted marine vessel and port operators as both ships and industrial cranes are rapidly digitized and automated, creating new types of safety challenges. Ships come ashore on average every six months. Container cranes are mostly automated. Diagnostics, maintenance, upgrades and tuning of these mission-critical systems are performed remotely, often by third-party technicians. This highlights the importance of proper secure remote access management for industrial control systems (ICS). Learn more in our Buyer’s Guide to Securely Managing the Remote Access Lifecycle. We are in SSH connection security (SSH)…

Read More

Cybersecurity researchers are warning of a surge in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services such as Cloudflare and Microsoft Sway to their advantage. “Companies targeted sensitive information from various crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for several of the company’s webmail platforms, as well as Microsoft 365 login credentials,” Netskope Threat Labs researcher Ian Michael Alcantara said in the analysis. The cybersecurity company said it tracked a 10-fold increase in traffic to phishing pages created using Webflow between April…

October 28, 2024Ravi LakshmananWindows Vulnerability / Security A new attack technique can be used to bypass Microsoft Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) demotion attacks. “This bypass allows the loading of unsigned kernel drivers, allowing attackers to deploy custom rootkits that can override security controls, hide processes and network activity, maintain stealth, and more,” SafeBreach researcher Alon Leviev. said in a report shared with The Hacker News. Recent findings are based on preliminary analysis which discovered two elevation of privilege flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202), which can be…

Read More