The latest edition of the Transatlantic Cable Podcast begins with talk around a Microsoft data breach. However, details are thin on the ground and Microsoft are denying that theres been a leak. From there talk moves to news around Googles update to Chrome and a breaking story that centres around PornHub and the EU. show more ...
Lastly, the team talk about the recent changes to Twitter. If you liked what you heard, please consider subscribing. Microsoft denies data breach, theft of 30 million customer accounts 3 Billion Chrome Users Are About to See This Privacy Sandbox Pop-Up Pornhub Is Being Accused of Illegal Data Collection Confusion at Twitter continues over Elon Musks tweet limits
When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER show more ...
ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data. The new documentary, The Ashley Madison Affair, begins airing today on Hulu in the United States and on Disney+ in the United Kingdom. The series features interviews with security experts and journalists, Ashley Madison executives, victims of the breach and jilted spouses. The series also touches on shocking new details unearthed by KrebsOnSecurity and Jeremy Bullock, a data scientist who worked with the show’s producers at the Warner Bros. production company Wall to Wall Media. Bullock had spent many hours poring over the hundreds of thousands of emails that the Ashley Madison hackers stole from Biderman and published online in 2015. Wall to Wall reached out in July 2022 about collaborating with Bullock after KrebsOnSecurity published A Retrospective on the 2015 Ashley Madison Breach. That piece explored how Biderman — who is Jewish — had become the target of concerted harassment campaigns by anti-Semitic and far-right groups online in the months leading up to the hack. Whoever hacked Ashley Madison had access to all employee emails, but they only released Biderman’s messages — three years worth. Apropos of my retrospective report, Bullock found that a great many messages in Biderman’s inbox were belligerent and anti-Semitic screeds from a former Ashley Madison employee named William Brewster Harrison. William Harrison’s employment contract with Ashley Madison parent Avid Life Media. The messages show that Harrison was hired in March 2010 to help promote Ashley Madison online, but the messages also reveal Harrison was heavily involved in helping to create and cultivate phony female accounts on the service. There is evidence to suggest that in 2010 Harrison was directed to harass the owner of Ashleymadisonsucks.com into closing the site or selling the domain to Ashley Madison. Ashley Madison’s parent company — Toronto-based Avid Life Media — filed a trademark infringement complaint in 2010 that succeeded in revealing a man named Dennis Bradshaw as the owner. But after being informed that Bradshaw was not subject to Canadian trademark laws, Avid Life offered to buy AshleyMadisonSucks.com for $10,000. When Bradshaw refused to sell the domain, he and his then-girlfriend were subject to an unrelenting campaign of online harassment and blackmail. It now appears those attacks were perpetrated by Harrison, who sent emails from different accounts at the free email service Vistomail pretending to be Bradshaw, his then-girlfriend and their friends. [As the documentary points out, the domain AshleyMadisonSucks.com was eventually transferred to Ashley Madison, which then shrewdly used it for advertising and to help debunk theories about why its service was supposedly untrustworthy]. Harrison even went after Bradshaw’s lawyer and wife, listing them both on a website he created called Contact-a-CEO[.]com, which Harrison used to besmirch the name of major companies — including several past employers — all entities he believed had slighted him or his family in some way. The site also claimed to include the names, addresses and phone numbers of top CEOs. A cached copy of Harrison’s website, contact-the-ceo.com. An exhaustive analysis of domains registered to the various Vistomail pseudonyms used by Harrison shows he also ran Bash-a-Business[.]com, which Harrison dedicated to “all those sorry ass corporate executives out there profiting from your hard work, organs, lives, ideas, intelligence, and wallets.” Copies of the site at archive.org show it was the work of someone calling themselves “The Chaos Creator.” Will Harrison was terminated as an Ashley Madison employee in November 2011, and by early 2012 he’d turned his considerable harassment skills squarely against the company. Ashley Madison’s long-suspected army of fake female accounts came to the fore in August 2012 after the former sex worker turned activist and blogger Maggie McNeill published screenshots apparently taken from Ashley Madison’s internal systems suggesting that a large percentage of the female accounts on the service were computer-operated bots. Ashley Madison’s executives understood that only a handful of employees at the time would have had access to the systems needed to produce the screenshots McNeill published online. In one exchange on Aug. 16, 2012, Ashley Madison’s director of IT was asked to produce a list of all company employees with all-powerful administrator access. “Who or what is asdfdfsda@asdf.com?,” Biderman asked, after being sent a list of nine email addresses. “It appears to be the email address Will used for his profiles,” the IT director replied. “And his access was never shut off until today?,” asked the company’s general counsel Mike Daks. A Biderman email from 2012. What prompted the data scientist Bullock to reach out were gobs of anti-Semitic diatribes from Harrison, who had taken to labeling Biderman and others “greedy Jew bastards.” “So good luck, I’m sure we’ll talk again soon, but for now, Ive got better things in the oven,” Harrison wrote to Biderman after his employment contract with Ashley Madison was terminated. “Just remember I outsmarted you last time and I will outsmart and out maneuver you this time too, by keeping myself far far away from the action and just enjoying the sideline view, cheering for the opposition.” A 2012 email from William Harrison to former Ashley Madison CEO Noel Biderman. Harrison signed his threatening missive with the salutation, “We are legion,” suggesting that whatever comeuppance he had in store for Ashley Madison would come from a variety of directions and anonymous hackers. The leaked Biderman emails show that Harrison made good on his threats, and that in the months that followed Harrison began targeting Biderman and other Ashley Madison executives with menacing anonymous emails and spoofed phone calls laced with profanity and anti-Semitic language. But on Mar. 5, 2014, Harrison committed suicide by shooting himself in the head with a handgun. This fact was apparently unknown to Biderman and other Ashley Madison executives more than a year later when their July 2015 hack was first revealed. Does Harrison’s untimely suicide rule him out as a suspect in the 2015 hack? Who is The Chaos Creator, and what else transpired between Harrison and Ashley Madison prior to his death? We’ll explore these questions in Part II of this story, to be published early next week.
GDPR is halting Meta's new Threads app from entering EU markets, portending a broader struggle over the right ways to collect user data on social apps.
Malware spoofed file management applications thanks to elevated permissions, enabling exfiltration of sensitive data with no user interaction, researchers find.
Guardrails need to be set in place to ensure confidentiality of sensitive information, while still leveraging AI as a force multiplier for productivity.
Emotet operators subsequently have put a lot of effort into avoiding any monitoring and tracking of the botnet since it came back. Currently, Emotet is silent and inactive, most probably due to failing to find an effective, new attack vector.
Despite the number of victims so far, experts anticipate more will come forward. “While many organizations have made a disclosure, a significant number have yet to do so,” Brett Callow, threat analyst at Emsisoft, said.
Building a culture of continuous cyber improvement involves implementing a robust real-time vulnerability management strategy that includes consistent monitoring, threat intelligence integration, risk assessment, and rapid response.
Cybersecurity researchers at Aqua unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments to deploy Tsunami malware, and hijack credentials and resources.
Security analysts at Mobile security solutions provider Pradeo uncovered details of a couple of spyware apps on the Google Play Store - File Recovery and Data Recovery and File Manager. With a collective download of over 1.5 million, these apps can automatically start without any input from the device owners and covertly send sensitive user data to multiple malicious servers in China.
A report by ENISA found that ransomware accounts for 54% of cybersecurity threats in the health sector. Most of the surveyed organizations (73%) in the health sector haven’t got a program to mitigate ransomware attacks.
“Some personal information relating to employees of the BG Group has been accessed without authorization,” the company said. It’s unclear exactly what type of information has been compromised, but impacted individuals are being notified.
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients.
According to several internet forums and tweets, approximately 500GB of data, including unreleased television shows, scripts, and other materials, have been compromised from Nickelodeon’s “consumer products and experience” portal.
Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries.
A joint advisory from the CISA, the FBI, the MS-ISAC, and the Canadian Centre for Cyber Security (CCCS) discovered a rise in the use of the Truebot malware by threat actors. Notably, these actors are increasingly exploiting the CVE-2022-31199 flaw to target organizations in the U.S. and Canada with the malware. show more ...
Organizations are also advised to use IOCs to hunt for signs of malicious activity pointing to a Truebot infection.
A survey by Malwarebytes revealed that a majority of respondents do not trust the information produced by ChatGPT and believe it poses potential safety and security risks.
The apps, both from the same publisher, can launch without any user interaction to steal sensitive data and send it to servers in China. Despite being reported to Google, the two apps continue to be available in Google Play at the time of publishing.
The threat actors behind the attacks compromised target networks by exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software tracked as CVE-2022-31199.
The Labor Department will use the $15.2 million in the most recent batch of funding for zero-trust architecture. The EPA will put its $2.5 million toward the cybersecurity of its analytical radiation data system.
The most critical vulnerability, CVE-2023-36460, allows hackers to exploit a flaw in the media attachments feature, creating and overwriting files in any location the software could access on an instance.
“An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content,” an advisory by MOVEit said.
Recently, Microsoft's Incident Response team investigated several BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature.
"TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report.
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.
Ubuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in show more ...
the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
Ubuntu Security Notice 6207-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6205-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG show more ...
instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
Red Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.
Red Hat Security Advisory 2023-3924-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.23.
Hack The Box launches Capture The Flag competition, including offensive and defensive challenges, to unite teams as cyberattacks increase in 2023 to unprecedented levels.
Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data. The company has informed the concerned
Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents. This
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "instances," and it has over 14 million users across more than 20,000 instances. The most critical vulnerability, CVE-2023-36460,
CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets. As advanced threat actors constantly search for easily
Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature. The findings indicate that hackers can complete the entire attack process, from gaining initial access
Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "Letscall." This technique is currently targeting individuals in South Korea. The criminals behind "Letscall" employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website. Once the malicious software is installed, it redirects
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized
