The Tor Project and Tails have merged operations

Fri Sep 27 2024

The Tor Project and Tails OS have joined forces and merged operations to counter a growing number of digital threats. The Tor Project and Tails have merged operations to enhance collaboration, expand training and outreach, and strengthen both organizations’ efforts to protect users globally from digital surveillance and censorship. The two organizations aim to better […]

Security Affairs

Daily Dose of Dark Web Informer - September 27th, 2024

Sat Sep 28 2024

This daily article is intended to make it easier for those who want to stay updated with my regular posts. Any subscriber-only content will be clearly marked at the end of the link.

Dark Web Informer

A Threat Actor Allegedly is Selling Data of an Unidentified Car Dealership Company in Thailand

Fri Sep 27 2024

Dark Web Informer

Remote code execution exploit for CUPS printing service puts Linux desktops at risk

Fri Sep 27 2024

A security researcher has developed an exploit that leverages several vulnerabilities in CUPS (Common UNIX Printing System), the default printing system on most Linux systems.

CSO Online

Liquid Blood Targeted the Website of National Bank of Tajikistan

Fri Sep 27 2024

Dark Web Informer

Websec Targeted the Website of The People's Party

Fri Sep 27 2024

Dark Web Informer

A Threat Actor has Allegedly Leaked Data from T-shirtmakers

Fri Sep 27 2024

Dark Web Informer

Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message

Fri Sep 27 2024

UK police are investigating a cyberattack that disrupted Wi-Fi networks at several train stations across the country. U.K. transport officials and police are investigating a cyber attack on public Wi-Fi networks at the country’s biggest railway stations. Following the ‘cyber-security incident,’ passengers trying to log onto the Wi-Fi at several stations on Wednesday evening were […]

Security Affairs

RipperSec Targeted the Website of Addiko Bank AG

Fri Sep 27 2024

Dark Web Informer

US charges British man over 'hack-to-trade' scheme

Fri Sep 27 2024

A British man has been arrested and charged by U.S. authorities with hacking into the computers of five companies to obtain details about their expected earnings, and making $3.75 million of illegal profit by trading before results were released.

Reuters

dirsearch - Web Path Discovery

Fri Sep 27 2024

Dark Web Informer

Microsoft announces sweeping changes to controversial Recall feature for Windows 11 Copilot+ PCs

Fri Sep 27 2024

The 'photographic memory' feature in Windows 11 is set to begin rolling out soon. Will these security improvements be enough to satisfy critics?

ZDNET

Bangladesh Civilian Force Targeted the Website of Mumbai Custom

Fri Sep 27 2024

Dark Web Informer

A Threat Actor is Allegedly Selling Data of Australian Citizens

Fri Sep 27 2024

Dark Web Informer

A Threat Actor has Allegedly Leaked Data of Weather Event

Fri Sep 27 2024

Dark Web Informer

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Fri Sep 27 2024

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8) ...

The Hacker News

PoC Honeypot for Detecting Exploit Attempts Against CVE-2024-47177

Fri Sep 27 2024

Dark Web Informer

How Does the Tor Network Work?

Fri Sep 27 2024

Dark Web Informer

The best VPN for streaming in 2024: Expert tested and reviewed

Fri Sep 27 2024

The best VPNs for streaming offer high speeds and aren't blocked by popular services, including Netflix and Hulu. With these VPNs, you can watch your favorite content from anywhere in the world.

ZDNET

Avangrid partners with state fusion cell to fight cyber threats via data sharing

Fri Sep 27 2024

Avangrid’s award-winning cybersecurity initiative uses real-time data sharing to protect the energy grid.

CSO Online

DEFACER KAMPUNG Defaced the Website of Premium Group

Fri Sep 27 2024

Dark Web Informer

Z-BL4CX-H4T Defaced the Website of PCM Masale

Fri Sep 27 2024

Dark Web Informer

A Threat Actor has Allegedly Leaked Data of MS GLOW Beauty

Fri Sep 27 2024

Dark Web Informer

The best VPN for Mac in 2024: Expert tested and reviewed

Fri Sep 27 2024

Many Mac VPNs offer high performance, speed, and security. These are our top VPN recommendations for Mac users in 2024.

ZDNET

CUPS flaws allow remote code execution on Linux systems under certain conditions

Fri Sep 27 2024

A researcher has disclosed details of an unpatched Linux vulnerability, initially labeled as critical, that allows remote code execution. The popular cybersecurity researcher Simone Margaritelli (@evilsocket) disclosed technical details of an unpatched vulnerability impacting Linux systems. On September 23, Margaritelli announced plans to disclose an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems […]

Security Affairs

Worried about that critical RCE Linux bug? Here's why you can relax

Fri Sep 27 2024

Yes, there are security holes in OpenPrinting CUPS, which Linux, Chrome OS, MacOS, and some Unix systems use for printing, but it's not that bad. Here's how to check if you're at risk.

ZDNET

A Threat Actor is Selling Data of Discord

Fri Sep 27 2024

Dark Web Informer

A Threat Actor Allegedly Leaked Data of Toyota Bicutan Paranaque

Fri Sep 27 2024

Dark Web Informer

Microsoft privilege escalation issue forces the debate: ‘When is something a security hole?’

Fri Sep 27 2024

Security vendor Fortra announced on Friday what it is describing as a Microsoft security hole that would allow an attacker who had stolen low-level access credentials to escalate them to high-level ac

CSO Online

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Fri Sep 27 2024

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print...

The Hacker News

A critical Nvidia Container Toolkit bug can allow a complete host takeover

Fri Sep 27 2024

Nvidia has patched a critical vulnerability affecting its container toolkit (formerly known as Nvidia docker).

CSO Online

How to Plan and Prepare for Penetration Testing

Fri Sep 27 2024

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming....

The Hacker News

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities

Fri Sep 27 2024

The U.S. government sanctioned the virtual currency exchanges Cryptex and PM2BTC for facilitating cybercrime and money laundering. The U.S. government sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, and indicted a Russian national for allegedly facilitating cybercriminal activities and money laundering. The authorities believe that these exchanges facilitate the laundering of proceeds from cybercrime. “The Justice […]

Security Affairs

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

Fri Sep 27 2024

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent...

The Hacker News

Carrier Global takes collaborative approach to cybersecurity

Fri Sep 27 2024

For enterprises that do business worldwide, cybersecurity can be a complex undertaking, as risks such as phishing attacks by threat actors continuously evolve across the globe to bypass traditional de

CSO Online

Tesla’s Cybertruck Goes, Inevitably, to War

Fri Sep 27 2024

A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?

Wired

Cybersecurity Certifications: The Gateway to Career Advancement

Fri Sep 27 2024

In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you're always informed and equipped for...

The Hacker News

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Fri Sep 27 2024

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF...

The Hacker News

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering

Fri Sep 27 2024

The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through...

The Hacker News

42% of daily X users have a negative view of it - losing the block feature won't help

Thu Sep 26 2024

What X needs is stronger blocking, not this.

ZDNET

Hacking Kia cars made after 2013 using just their license plate

Thu Sep 26 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow attackers to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts (Neiko Rivera, Sam Curry, Justin Rhinehart, Ian Carroll) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates. […]

Security Affairs

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

Fri Sep 27 2024

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and...

The Hacker News

Daily Dose of Dark Web Informer - September 26th, 2024

Thu Sep 26 2024

This daily article is intended to make it easier for those who want to stay updated with my regular posts. Any subscriber-only content will be clearly marked at the end of the link.

Dark Web Informer

A Threat Actor on a Hacking Forum has Allegedly Leaked data of Federal Firearms Licenses of USA

Thu Sep 26 2024

Dark Web Informer

How hackers could have remotely controlled millions of cars

Thu Sep 26 2024

A website flaw - since patched - enabled these researchers to remotely track a car's location, unlock its doors, honk the horn, and start the engine.

ZDNET

Critical RCE vulnerability found in OpenPLC

Thu Sep 26 2024

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to a DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code. OpenPLC […]

Security Affairs

grep Allegedly has Leaked the Albert Menes Database

Thu Sep 26 2024

Dark Web Informer

A Threat Actor Allegedly Leaked the Adouceo Database

Thu Sep 26 2024

Dark Web Informer

Moroccan Cyber Forces Targeted the Website of Tzeva Adom

Thu Sep 26 2024

Dark Web Informer

STEM Fest: Engineering Ideas Into Reality

Thu Sep 26 2024

Join the National Cryptologic Museum for the 10th Annual STEM Fest! Explore a world of discovery where science, technology, engineering and math come together!

NSA

The best VPN trials of 2024: Expert tested and reviewed

Thu Sep 26 2024

We found the best VPN free trials so you can test out a range of VPNs before you commit.

ZDNET

A Threat Actor is Allegedly Selling the Data of Capital Markets Elite Group

Thu Sep 26 2024

Dark Web Informer

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Thu Sep 26 2024

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security...

The Hacker News

Different Types of Network Attacks

Thu Sep 26 2024

Dark Web Informer

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Thu Sep 26 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia's most active money laundering networks.

Krebs on Security

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Thu Sep 26 2024

China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying […]

Security Affairs

Here are the top 3 causes of breaches – and how to mitigate them

Thu Sep 26 2024

The stakes are higher than ever for organizations worldwide regarding cybersecurity incidents, as the fallout of such incidents is becoming more costly and complex.

CSO Online

SAP SE revamps application security scanning using simulation and automation

Thu Sep 26 2024

As a result, SAP is always evolving its security measures to stay ahead of cyber threats.

CSO Online

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

Thu Sep 26 2024

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. "These samples enhance Sparkling Pisces' already extensive arsenal...

The Hacker News

Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar

Thu Sep 26 2024

Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats. It's time for a change....

The Hacker News

Amid Air Strikes and Rockets, an SMS From the Enemy

Thu Sep 26 2024

As Israel intensifies its attacks on Lebanon, eerie messages have been arriving on the phones of civilians on both sides of the border, with authorities in each country accusing the other of psychological warfare.

Wired

Chinese hackers allegedly hacked US ISPs for cyber espionage

Thu Sep 26 2024

Chinese state-sponsored hackers have been found to have gained access to multiple US internet service providers (ISPs) to establish persistence and carry out cyber espionage activities.

CSO Online

UK police investigating Islamophobic hack of Wi-Fi at train stations

Thu Sep 26 2024

British police said on Thursday they had launched an investigation into a cyberattack after passengers at the country's major railway stations saw an Islamophobic message when they tried to use Wi-Fi services.

Reuters

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

Thu Sep 26 2024

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time - or the budget - to...

The Hacker News

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

Thu Sep 26 2024

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Wired

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

Thu Sep 26 2024

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for enabling the privacy feature Privacy-Preserving Attribution (PPA) in Firefox without user consent. Noyb claims that […]

Security Affairs

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

Thu Sep 26 2024

As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022. The...

The Hacker News

South Korea to criminalise watching or possessing sexually explicit deepfakes

Thu Sep 26 2024

South Korean lawmakers on Thursday passed a bill that criminalises possessing or watching sexually explicit deepfake images and videos, with penalties set to include prison terms and fines.

Reuters

India's Star Health sues Telegram after hacker uses app's chatbots to leak data

Thu Sep 26 2024

Top Indian insurer Star Health has sued Telegram and a self-styled hacker after Reuters reported that the hacker was using chatbots on the messaging app to leak personal data and medical reports of policy holders.

Reuters

5 obscure web browsers that will finally break your Chrome addiction

Thu Sep 26 2024

Give one of these alternative browsers just a few minutes of your time and you'll never go back. They're all free, so what have you got to lose?

ZDNET

Attackers impersonate freight companies in double brokering scams

Thu Sep 26 2024

Scammers are increasingly impersonating transportation companies to bid on shipments and then contract the job at a lower price to potentially less reliable carriers.

CSO Online

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

Thu Sep 26 2024

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. "Between late 2022 to present, SloppyLemming...

The Hacker News

Beware the risks of vulnerable VPNs: update, maintain, monitor, and protect

Thu Sep 26 2024

We live in a world that is always on and always vulnerable.

CSO Online

Data of 3,191 congressional staffers leaked in the dark web

Thu Sep 26 2024

The personal information of over 3,000 congressional staffers was leaked on the dark web following a major cyberattack on the U.S. Capitol. The personal information of approximately 3,191 congressional staffers has been leaked on the dark web, according to new research from internet security firm Proton and Constella Intelligence. The leaked data includes passwords, IP […]

Security Affairs

Why Windows 11 requires a TPM - and how to get around that

Wed Sep 25 2024

Windows 11 officially requires a Trusted Platform Module. Here's what it does and how you can work around that requirement if your old PC doesn't have one.

ZDNET

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

Thu Sep 26 2024

Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. "Investigators...

The Hacker News

Zero trust, not no trust: A practical guide to implementing ZTNA

Thu Sep 26 2024

Zero-trust network access (ZTNA) is a security model that follows the principle of “never trust, always verify.”

CSO Online

Accenture forges own path to improve attack surface management

Wed Sep 25 2024

Accenture’s award-winning attack surface management program strengthens the company’s resiliency and security posture.

CSO Online

New variant of Necro Trojan infected more than 11 million devices

Wed Sep 25 2024

Experts warn of Necro Trojan found in Google Play; threat actors are spreading it through fake versions of legitimate Android apps. Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps uploaded to the Google Play store. The malware was hidden in popular applications and game mods. Kaspersky researchers first spotted […]

Security Affairs

A catastrophic browser flaw is patched almost immediately - here's how

Wed Sep 25 2024

A researcher discovers a nasty bug in the Arc browser and the next day it's fixed. If only all proprietary software got this sort of attention.

ZDNET

Timeshare Owner? The Mexican Drug Cartels Want You

Wed Sep 25 2024

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

Krebs on Security

The critical importance of choosing the right data center firewall

Wed Sep 25 2024

Data centers are the backbone of modern IT architecture.

CSO Online

Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%

Wed Sep 25 2024

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory safety vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch...

The Hacker News

Thousands of internet-exposed fuel gauges could be hacked and dangerously exploited

Wed Sep 25 2024

Thousands of automatic tank gauge (ATG) systems used in gas stations, power plants, airports, military bases, and other critical infrastructure facilities are exposed to the internet and using insecur

CSO Online

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Wed Sep 25 2024

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy-Preserving Attribution (PPA) without explicitly seeking users' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said...

The Hacker News

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Wed Sep 25 2024

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42's Dominik...

The Hacker News

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

Wed Sep 25 2024

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions...

The Hacker News

Expert Tips on How to Spot a Phishing Link

Wed Sep 25 2024

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs: Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link's true destination...

The Hacker News

CrowdStrike outage redefines EDR market emphasis

Wed Sep 25 2024

July’s infamous CrowdStrike outage has shaken up the endpoint detection and response (EDR) marketplace by placing a much greater emphasis on stability and reliability.

CSO Online

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Wed Sep 25 2024

Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn’t fully delivered on its potential, leaving SOCs still grappling with many of the same...

The Hacker News

U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog

Wed Sep 25 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. In mid-August 2024, Ivanti addressed the vulnerability CVE-2024-7593 that impacts […]

Security Affairs

Arkansas City water treatment facility switched to manual operations following a cyberattack

Wed Sep 25 2024

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations due to a cyberattack. Arkansas City, Kansas, had to switch its water treatment facility to manual operations over the weekend due to a cyberattack that was detected on Sunday. As of the 2020 census, Arkansas City has […]

Security Affairs

WikiLeaks' Assange to make first public appearance since release in Strasbourg

Wed Sep 25 2024

WikiLeaks' founder Julian Assange is set to make his first public appearance since being freed from a British jail when he gives evidence to the Council of Europe next month, his organisation said on Wednesday.

Reuters

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Wed Sep 25 2024

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many...

The Hacker News

When technical debt strikes the security stack

Wed Sep 25 2024

Most veteran CISOs implicitly understand the concept of technical debt and how it increases the risk across IT assets and applications.

CSO Online

New Android banking trojan Octo2 targets European banks

Wed Sep 25 2024

A new version of the Android banking trojan Octo, called Octo2, supports improved features that allow takeover of infected devices. ThreatFabric researchers discovered a new version of the Android banking trojan Octo, called Octo2, that supports more advanced remote action capabilities needed for Device Takeover attacks. The new malware has already targeted users in European […]

Security Affairs

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

Wed Sep 25 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the...

The Hacker News

CrowdStrike defends access to Windows kernel at US Congressional hearing into July worldwide update failure

Wed Sep 25 2024

A CrowdStrike executive told a US Congressional hearing on Tuesday that the company’s endpoint detection and response sensor has to continue accessing the Windows kernel, despite criticism by some cyb

CSO Online

Cyber startup Wiz explores shares sale at up to $20 billion valuation, Bloomberg News reports

Tue Sep 24 2024

U.S.-Israeli cybersecurity startup Wiz is exploring a potential sale of existing shares at a valuation ranging from $15 billion to $20 billion, Bloomberg News reported on Tuesday.

Reuters

A generative artificial intelligence malware used in phishing attacks

Tue Sep 24 2024

HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware. The AI-generated malware was discovered in June 2024; the phishing message used an invoice-themed lure […]

Security Affairs