"Iran-Linked APT34 Spy Campaign Targets Saudis"

A phishing campaign that spreads cyber espionage malware is aimed at users in the Middle East. The campaign is conducted by the Advanced Persistent Threat (APT) tracked as APT34, also known as OilRig, Helix Kitten, and Cobalt Gypsy. The APT uses a tool that researchers have dubbed "Menorah." This malware can identify the target's machine, access and upload files, and download additional files and malware. According to Trend Micro, the document used in the attack contains pricing information in Saudi Riyal, suggesting that at least one of the victims is in Saudi Arabia.

Submitted by Gregory Rigby on

"Time-To-Exploit: What It Means and Why It's Going Down"

According to Mandiant researchers, the average time it takes threat actors to exploit vulnerabilities, whether before or after public disclosure, continues to shrink. The researchers analyzed 246 vulnerabilities disclosed in 2021 and 2022 that were tracked as exploited in the wild and found that the overall average time-to-exploit (TTE) keeps falling, with exploitation now likely to occur before the end of the first month after a patch is released. The trend has held for several years: between 2018 and 2019, the average TTE was 63 days.

Submitted by Gregory Rigby on

"Machine Learning Technologies Revolutionize Security"

Integrating Machine Learning (ML) technologies into different areas of security has opened a new era of proactive threat detection, risk mitigation, and improved decision-making. From cybersecurity to physical security, ML technologies have proven significantly helpful in protecting individuals, organizations, and societies from evolving threats. The introduction of ML has changed the approach to security across many domains, promising dynamic and adaptable solutions that can address both known and emerging threats.

Submitted by Gregory Rigby on

"Critical Vulnerabilities in Exim Threaten Over 250K Email Servers Worldwide"

According to researchers, thousands of servers running the Exim mail transfer agent are exposed to critical vulnerabilities that allow remote execution of malicious code with little or no user interaction. Exim is an open-source mail transfer agent used by as many as 253,000 servers on the Internet. Trend Micro's Zero Day Initiative disclosed the vulnerabilities, but they attracted little notice until they recently surfaced on a security mailing list.

Submitted by Gregory Rigby on

"Security Researchers Believe Mass Exploitation Attempts Against WS_FTP Have Begun"

Researchers believe that mass exploitation of vulnerabilities in Progress Software's WS_FTP Server has begun. Rapid7 first observed evidence of exploitation across multiple WS_FTP instances on September 30. Progress had recently released fixes for eight vulnerabilities in WS_FTP, including one with a CVSS severity rating of 10, and said at the time that there was no evidence of exploitation. Researchers did not specify which vulnerabilities were being exploited, but "one or more" of the eight detailed in Progress' advisory appeared to be targeted.

Submitted by Gregory Rigby on

"Hackers Steal User Database From European Telecommunications Standards Body"

A nonprofit organization that develops communications standards reported that hackers stole a database containing user information. The European Telecommunications Standards Institute (ETSI) disclosed the incident last week. It is currently unclear whether the attack was motivated by financial gain or whether the hackers intended to acquire the user list for espionage purposes. Following the incident, ETSI called on France's cybersecurity agency ANSSI to investigate and restore the affected information systems.

Submitted by Gregory Rigby on

"AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds"

The potential for cybercriminals to use AI chatbots to write phishing campaigns has been a cause for concern, and security researchers at Egress have now found that AI-generated phishing emails are almost impossible to detect as such. The researchers noted that AI detectors cannot tell whether a phishing email was written by a chatbot or a human in 71.4% of cases, roughly three out of four. They attributed this to how AI detectors work.

Submitted by Adam Ekwall on

"Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories"

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced that its security advisories for Industrial Control Systems (ICS), Operational Technology (OT), and medical devices now include the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard, a machine-readable advisory format intended to transform vulnerability management. In the current risk environment, organizations struggle to manage the growing number and complexity of new vulnerabilities.
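As an added illustration of what a machine-readable advisory buys a vulnerability manager (this is example code, not code from the page, CISA, or OASIS), the Python script below parses a CSAF 2.0 document: it flattens the nested product tree into readable product names, joins each vulnerability's known_affected products with the CVSS score and remediation category the advisory assigns them, and flags products listed under contradicting statuses, which the CSAF 2.0 specification forbids. The advisory embedded in the script is constructed for the example; the vendor, product, advisory ID and CVE numbers are placeholders, not real identifiers.

```python
"""Turn a CSAF 2.0 advisory into the rows a vulnerability manager wants: which product
versions are affected by which CVE, at what CVSS score, and whether a fix exists."""
import json

# Constructed sample in CSAF 2.0 shape. It is NOT a real CISA advisory: vendor, product,
# advisory ID and CVE numbers are placeholders.
SAMPLE_CSAF = """{
 "document": {"category": "csaf_security_advisory", "csaf_version": "2.0",
   "title": "Example PLC firmware: two web interface issues",
   "publisher": {"category": "vendor", "name": "Example Vendor", "namespace": "https://example.invalid"},
   "tracking": {"id": "EXAMPLE-SA-0001", "status": "final", "version": "1",
     "initial_release_date": "2023-10-01T00:00:00Z", "current_release_date": "2023-10-01T00:00:00Z"}},
 "product_tree": {"branches": [{"category": "vendor", "name": "Example Vendor", "branches": [
   {"category": "product_name", "name": "Example PLC", "branches": [
     {"category": "product_version", "name": "2.0", "product": {"name": "Example PLC 2.0", "product_id": "CSAFPID-0001"}},
     {"category": "product_version", "name": "2.1", "product": {"name": "Example PLC 2.1", "product_id": "CSAFPID-0002"}},
     {"category": "product_version", "name": "2.2", "product": {"name": "Example PLC 2.2", "product_id": "CSAFPID-0003"}}]}]}]},
 "vulnerabilities": [
  {"cve": "CVE-0000-0001", "title": "Authentication bypass in the web interface",
   "product_status": {"known_affected": ["CSAFPID-0001", "CSAFPID-0002"], "fixed": ["CSAFPID-0003"]},
   "scores": [{"cvss_v3": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL",
     "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "products": ["CSAFPID-0001", "CSAFPID-0002"]}],
   "remediations": [{"category": "vendor_fix", "details": "Update to firmware 2.2",
     "product_ids": ["CSAFPID-0001", "CSAFPID-0002"]}]},
  {"cve": "CVE-0000-0002", "title": "Information disclosure in the diagnostic export",
   "product_status": {"known_affected": ["CSAFPID-0001"], "known_not_affected": ["CSAFPID-0002", "CSAFPID-0003"]},
   "scores": [{"cvss_v3": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM",
     "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "products": ["CSAFPID-0001"]}],
   "remediations": [{"category": "mitigation", "details": "Expose the diagnostic port only to trusted networks",
     "product_ids": ["CSAFPID-0001"]}]}]}"""

# Product-status keys that CSAF 2.0 groups together; a product may appear in only one
# group per vulnerability (the spec's "contradicting product status" test).
STATUS_GROUPS = {
    "affected": ("first_affected", "known_affected", "last_affected"),
    "fixed": ("first_fixed", "fixed"),
    "not_affected": ("known_not_affected",),
    "under_investigation": ("under_investigation",),
}

def load_sample():
    return json.loads(SAMPLE_CSAF)

def build_catalog(product_tree, path=(), catalog=None):
    """Flatten nested product_tree branches into {product_id: 'Vendor / Product / Version'}."""
    catalog = {} if catalog is None else catalog
    for branch in product_tree.get("branches", []):
        new_path = path + (branch.get("name", ""),)
        product = branch.get("product")
        if product:  # leaf: a concrete product version carrying a stable product_id
            catalog[product["product_id"]] = " / ".join(new_path)
        build_catalog(branch, new_path, catalog)
    for fpn in product_tree.get("full_product_names", []):  # flat alternative to branches
        catalog[fpn["product_id"]] = fpn["name"]
    return catalog

def max_cvss(vuln, product_id):
    """Highest CVSS v3 base score the advisory assigns to this product for this vulnerability, or None."""
    best = None
    for score in vuln.get("scores", []):
        cvss = score.get("cvss_v3")
        if cvss and product_id in score.get("products", []):
            best = cvss["baseScore"] if best is None else max(best, cvss["baseScore"])
    return best

def remediation_for(vuln, product_id):
    """CSAF remediation category (vendor_fix, mitigation, workaround, ...) naming this product; 'none_listed' if absent."""
    for rem in vuln.get("remediations", []):
        if product_id in rem.get("product_ids", []):
            return rem["category"]
    return "none_listed"  # our own marker, distinct from CSAF's 'none_available'

def affected_products(csaf, min_score=0.0):
    """Rows (cve, product, cvss, remediation) for every known_affected product, highest score first."""
    if csaf["document"].get("csaf_version") != "2.0":
        raise ValueError("expected a CSAF 2.0 document")
    catalog = build_catalog(csaf.get("product_tree", {}))
    rows = []
    for vuln in csaf.get("vulnerabilities", []):
        cve = vuln.get("cve") or vuln.get("title", "untitled")
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            score = max_cvss(vuln, pid)
            if score is not None and score < min_score:
                continue  # unscored products are kept so they are not silently dropped
            rows.append((cve, catalog.get(pid, pid), score, remediation_for(vuln, pid)))
    rows.sort(key=lambda r: (-(r[2] or 0.0), r[0], r[1]))
    return rows

def status_conflicts(csaf):
    """(cve, product_id) pairs listed under contradicting statuses, e.g. both known_affected and fixed."""
    conflicts = []
    for vuln in csaf.get("vulnerabilities", []):
        status, seen = vuln.get("product_status", {}), {}
        for group, keys in STATUS_GROUPS.items():
            for pid in (p for key in keys for p in status.get(key, [])):
                if seen.setdefault(pid, group) != group:
                    conflicts.append((vuln.get("cve"), pid))
    return conflicts

if __name__ == "__main__":
    doc = load_sample()
    print("status conflicts:", status_conflicts(doc))
    for cve, product, cvss, rem in affected_products(doc, min_score=7.0):
        print(f"{cve}  {product:<36} CVSS {cvss}  {rem}")
```

Pointing `affected_products` at a real advisory instead of `SAMPLE_CSAF` gives a per-version, per-CVE list that can be diffed against an asset inventory; the `min_score` filter and the `status_conflicts` check are the kind of triage and sanity logic that the PDF advisories this format replaces could not support without manual parsing.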

Submitted by Gregory Rigby on

"Recently Patched TeamCity Vulnerability Exploited to Hack Servers"

According to security researchers at GreyNoise, in-the-wild exploitation of a critical vulnerability in JetBrains' TeamCity continuous integration and continuous deployment (CI/CD) server started just days after a patch was announced. The vulnerability, tracked as CVE-2023-42793, affects the on-premises version of TeamCity and allows an unauthenticated attacker with network access to a targeted server to achieve remote code execution and gain administrative control of the system.

Submitted by Adam Ekwall on

NSA Codebreaker Challenge 2023: Calling All Student Codebreakers to the Ultimate Challenge!

The National Security Agency (NSA) recently launched the NSA Codebreaker Challenge 2023, igniting the minds of aspiring codebreakers across the nation. Commencing on Thursday, September 28th, and running until December 21st, 2023, this annual competition presents students from U.S.-based academic institutions with the opportunity to showcase their reverse engineering prowess while tackling nine thrilling mission-oriented scenarios. This year's challenge revolves around a problem set rooted in a fictional unknown signals origin, as identified by the U.S. Coast Guard.

Submitted by Jason Gigax on