This posting is here to collect cyber security news in March 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
64 Comments
Tomi Engdahl says:
https://www.usatoday.com/story/tech/columnist/komando/2024/02/29/thieves-using-wifi-jammer/72758559007/
Tomi Engdahl says:
Facebook and Instagram went down
https://www.iltalehti.fi/digiuutiset/a/9b2b5ec9-e0ee-41cc-b5ac-bf736b8e4651
Tomi Engdahl says:
Hackers threaten to release Trump documents from Georgia case if they don’t get a ransom by Thursday
https://www.businessinsider.com/trump-georgia-documents-ransom-threat-fulton-county-hack-lockbit-2024-2?r=US&IR=T
Hackers set a ransom deadline of Thursday morning to release Fulton County court documents.
They claim the documents include files related to the criminal case against Donald Trump.
The hacking group was shut down by law enforcement earlier this month, but they appear to be back up.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2024/03/13/suomen-yleisimmaksi-haitakkeeksi-nousi-injuke-troijalainen/
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
Tor releases WebTunnel, a new type of Tor bridge that mimics HTTPS traffic to help users bypass censorship by hiding connections in plain sight — The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight.
Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship
https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship/
The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight.
Tor bridges are relays not listed in the public Tor directory that keep the users’ connections to the network hidden from oppressive regimes. While some countries, like China and Iran, have found ways to detect and block such connections, Tor also provides obfsproxy bridges, which add an extra layer of obfuscation to fight censorship efforts.
WebTunnel, the censorship-resistant pluggable transport inspired by the HTTPT probe-resistant proxy, takes a different approach. It makes it harder to block Tor connections by ensuring that the traffic blends in with HTTPS-encrypted web traffic.
Since blocking HTTPS would also block the vast majority of connections to web servers, the WebTunnel connections will also be permitted, effectively circumventing censorship in network environments with protocol allow lists and deny-by-default policies.
“It works by wrapping the payload connection into a WebSocket-like HTTPS connection, appearing to network observers as an ordinary HTTPS (WebSocket) connection,” said the Tor Project.
“So, for an onlooker without the knowledge of the hidden path, it just looks like a regular HTTP connection to a webpage server giving the impression that the user is simply browsing the web.”
To be able to use a WebTunnel bridge, you’ll first have to get bridge addresses from here and add them manually to Tor Browser for desktop through the following procedure:
Open Tor Browser and go to the Connection preferences window (or click “Configure Connection”).
Click on “Add a Bridge Manually” and add the bridge addresses.
Close the bridge dialog and click on “Connect.”
Note any issues or unexpected behavior while using WebTunnel.
You can also use WebTunnel with Tor Browser for Android by configuring a new bridge and entering the bridge addresses after clicking “Provide a Bridge I know.”
The WebTunnel pluggable transport was first introduced in December 2022 as an integration that could be tested using a Tor Browser test build.
Tomi Engdahl says:
Charlotte Trueman / DatacenterDynamics:
Meta details its two new data center scale clusters, both containing 24,576 Nvidia H100 GPUs that the company is using for AI workloads like training Llama 3 — Have been built to support AI research and development — Meta has shared the details of the hardware, network, storage, design …
Meta reveals details of two new 24k GPU AI clusters
Have been built to support AI research and development
https://www.datacenterdynamics.com/en/news/meta-reveals-details-of-two-new-24k-gpu-ai-clusters/
Tomi Engdahl says:
Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business
Series E funding of $100 million includes investments from Mitsubishi Electric and Schneider Electric.
https://www.securityweek.com/nozomi-networks-raises-100-million-to-expand-industrial-cybersecurity-business/
Tomi Engdahl says:
Stanford University Data Breach Impacts 27,000 Individuals
Stanford University is notifying 27,000 people of a data breach impacting their personal information.
https://www.securityweek.com/stanford-university-data-breach-impacts-27000-individuals/
Tomi Engdahl says:
Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server
Microsoft ships patches for at least 60 security vulnerabilities in the Windows ecosystem and warned of remote code execution risks.
https://www.securityweek.com/patch-tuesday-microsoft-flags-major-bugs-in-hyperv-exchange-server/
Tomi Engdahl says:
New Open Source Tool Hunts for APT Activity in the Cloud
The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments.
https://www.securityweek.com/new-open-source-tool-hunts-for-apt-activity-in-the-cloud/
Tomi Engdahl says:
Exploited Building Access System Vulnerability Patched 5 Years After Disclosure
Vulnerabilities affecting a Nice Linear physical access product, including an exploited flaw, patched five years after their disclosure.
https://www.securityweek.com/exploited-building-access-system-vulnerability-patched-years-after-disclosure/
Vulnerabilities affecting Linear building access control products, including a security flaw that has been exploited in the wild, have been patched nearly five years after their initial disclosure.
In May 2019, at SecurityWeek’s ICS Cyber Security Conference, Gjoko Krstic, a researcher who at the time worked for industrial cybersecurity firm Applied Risk, disclosed information on more than 100 vulnerabilities found in building management and access control systems from Nortek, Prima Systems, Optergy, and Computrols.
Nortek stood out at the time because it was the only vendor that had not released patches. It claimed to have released fixes, but Krstic said at the time that the vendor had not given him the opportunity to send over the actual vulnerability details.
Over 2,500 internet-exposed instances of the company’s Linear eMerge access control product were identified when the vulnerabilities were disclosed in 2019.
Less than one year later, in February 2020, SonicWall reported that one of the vulnerabilities found by Krstic, a critical unauthenticated remote code execution bug tracked as CVE-2019-7256, had been exploited in attacks.
The security firm was seeing tens of thousands of daily attempts to exploit the vulnerability in an effort to infect devices with a piece of malware that would allow cybercriminals to launch DDoS attacks. Over 2,300 potentially affected devices had still been exposed to the internet.
Tomi Engdahl says:
Bloomberg:
A February 21 hack of Change Healthcare has seized the US health care system for over three weeks, halting billions in payments; Change processes $2T per year
Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care
https://www.bloomberg.com/news/articles/2024-03-13/change-healthcare-cyber-attack-leaves-cancer-clinics-reeling
The Change Healthcare cyberattack brought the routine flow of billions of dollars in payments to a halt, putting medical practices under pressure nationwide
Doctors across the US are stretching to keep their practices afloat as a debilitating cyberattack on a once little-known company at the center of the health-care system continues to cause havoc.
The Feb. 21 attack against Change Healthcare, a subsidiary of the largest US health insurer by market value, UnitedHealth Group Inc., has seized the health-care system for three weeks and counting, halting the normal flow of billions of dollars in payments between doctors, hospitals, pharmacies and insurers. The paralysis is tilting some clinics into financial peril.
Tomi Engdahl says:
Bill Toulas / BleepingComputer:
A US jury convicts Russian-Swedish national Roman Sterlingov for operating crypto “tumbler” Bitcoin Fog between 2011 and 2021, laundering 1.2M+ BTC worth ~$400M
Bitcoin Fog mixer operator convicted for laundering $400 million
https://www.bleepingcomputer.com/news/legal/bitcoin-fog-mixer-operator-convicted-for-laundering-400-million/
Tomi Engdahl says:
CIA allegedly made fake social media accounts to troll the Chinese government / The operation reportedly began in 2019 and amplified negative news about the Chinese government.
https://www.theverge.com/2024/3/14/24100984/cia-china-fake-social-media-spying
Tomi Engdahl says:
Keyloggers, spyware, and stealers dominate SMB malware detections
In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos.
https://www.helpnetsecurity.com/2024/03/13/smbs-ransomware-cyberthreat/
Tomi Engdahl says:
Hackers can read private AI-assistant chats even though they’re encrypted
All non-Google chat GPTs affected by side channel that leaks responses sent to users.
https://arstechnica.com/security/2024/03/hackers-can-read-private-ai-assistant-chats-even-though-theyre-encrypted/
Tomi Engdahl says:
Massive internet outage hits West and Central Africa after undersea cables fail
Was sabotage involved?
https://www.techspot.com/news/102274-massive-internet-outage-hits-west-central-africa-due.html?phclid=p0rnhub&fbclid=IwAR08no3Sq2tC1s0vcFfaicOg_u_UD0JXQ2u2WIZiJomAAHy0zDtWOVE6mpY
Tomi Engdahl says:
Woman Arrested for Using Fuel Pump Software Flaw to Take $27K in Free Gas
https://www.thedrive.com/news/woman-arrested-for-using-fuel-pump-software-flaw-to-take-27k-in-free-gas?utm_source=pornhub&utm_medium=social&utm_campaign=pornoflow&phclid=p0rnhub&fbclid=IwAR1c-tD74pBJzr4dOK0olSgHe5OnKjnQ1cQEpoNx9Pmg5q_l0bQMITdmaiI
A security oversight that anyone could discover by accident let her get thousands of gallons of free gas.
Tomi Engdahl says:
Researchers have uncovered new threat in third-party plugins for OpenAI’s #ChatGPT that could allow attackers to install malicious plugins without users’ consent and hijack accounts on third-party websites such as GitHub.
Read: https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html
#cybersecurity #technews
Tomi Engdahl says:
In January, cybersecurity company Fortinet noted the growing prevalence of malware written in the popular Python programming language.
Behind the spread is a Vietnamese threat actor that has previously been actively involved in many similar cases. In the campaign now observed, the malware is distributed via Excel file attachments which, when opened, launch a Python-based script.
https://muropaketti.com/?p=754669
Tomi Engdahl says:
https://uk.pcmag.com/networking/151446/spacex-prepares-to-comply-with-lawful-intercepts-for-cellular-starlink-system
Tomi Engdahl says:
Never-before-seen Linux malware gets installed using 1-day exploits
Discovery means that NerbianRAT is cross-platform used by for-profit threat group.
https://arstechnica.com/security/2024/03/never-before-seen-linux-malware-gets-installed-using-1-day-exploits/
Researchers have unearthed Linux malware that circulated in the wild for at least two years before being identified as a credential stealer that’s installed by the exploitation of recently patched vulnerabilities.
The newly identified malware is a Linux variant of NerbianRAT, a remote access Trojan first described in 2022 by researchers at security firm Proofpoint. Last Friday, Checkpoint Research revealed that the Linux version has existed since at least the same year, when it was uploaded to the VirusTotal malware identification site. Checkpoint went on to conclude that Magnet Goblin—the name the security firm uses to track the financially motivated threat actor using the malware—has installed it by exploiting “1-days,” which are recently patched vulnerabilities. Attackers in this scenario reverse engineer security updates, or copy associated proof-of-concept exploits, for use against devices that have yet to install the patches.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/15987-traficom-varoittaa-dropbox-linkeistae
Tomi Engdahl says:
https://etn.fi/index.php/13-news/15985-pythonia-kaeytetaeaen-kyberhyoekkaeyksissae-yhae-useammin
In January, cybersecurity company Fortinet noted the growing prevalence of malware written in the popular Python programming language. A new campaign was observed in January in which a Vietnamese group was behind the malware.
In the observed campaign, the malware is distributed via Excel file attachments which, when opened, launch a Python-based script. The software penetrates systems and extracts sensitive information using a combination of several different techniques. The malware is also adept at evading traditional security measures. For example, the open-source code used to distribute the software at different stages of the attack makes it harder to detect and makes prevention challenging.
Tomi Engdahl says:
https://www.securityweek.com/in-other-news-cisa-hacked-chinese-lock-backdoors-exposed-secrets/
CISA hacked via Ivanti vulnerabilities
The US cybersecurity agency CISA took two of its systems offline last month after discovering that they had been compromised through the exploitation of vulnerabilities in Ivanti products, The Record reported. The impacted devices were reportedly associated with systems that house critical chemical sector information. It’s unclear if the attackers targeted CISA’s Ivanti devices as part of a targeted attack, and whether any information was compromised.
https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise
Tomi Engdahl says:
Meta is DOWN: Facebook, Instagram and Messenger hit with worldwide outage leaving users unable to access accounts – 2 weeks after platforms were knocked offline by an ‘internal’ issue
https://www.dailymail.co.uk/sciencetech/article-13219417/Meta-Facebook-Instagram-Messenger-outage.html?ito=social-facebook&fbclid=IwAR1nu6H3iAshch8HzAMiJ_Juy8z7E9Xibf8fPXSl9zZYsSP_IznyY7rxvEo
Meta’s Facebook, Instagram and Messenger are down worldwide
The outage hit around 10:45am ET and is impacting the apps and websites
The issues come just 15 days since all three platforms were knocked offline
Tomi Engdahl says:
Misconfigured Firebase Instances Expose 125 Million User Records
A weakness in a Firebase implementation allowed researchers to gain access to names, phone numbers, email addresses, plaintext passwords, confidential messages, and more.
https://www.securityweek.com/misconfigured-firebase-instances-expose-125-million-user-records/
Tomi Engdahl says:
Airbus Pulls Out of Deal to Buy Atos Cybersecurity Unit
Atos shares tank after Airbus decides not to move ahead with discussions to acquire its cybersecurity business.
https://www.securityweek.com/airbus-pulls-out-of-deal-to-buy-atos-cybersecurity-unit/
Tomi Engdahl says:
https://www.securityweek.com/chinese-apt-hacks-48-government-organizations/
Tomi Engdahl says:
Cisco Completes $28 Billion Acquisition of Splunk
The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.
https://www.securityweek.com/cisco-completes-28-billion-acquisition-of-splunk/
Tomi Engdahl says:
New Attack Shows Risks of Browsers Giving Websites Access to GPU
Researchers demonstrate remote GPU cache side-channel attack from within browsers against AMD and NVIDIA graphics cards.
https://www.securityweek.com/new-attack-shows-risks-of-browsers-giving-websites-access-to-gpu/
Tomi Engdahl says:
300,000 Systems Vulnerable to New Loop DoS Attack
Academic researchers describe a new application-layer loop DoS attack affecting Broadcom, Honeywell, Microsoft and MikroTik.
https://www.securityweek.com/300000-systems-vulnerable-to-new-loop-dos-attack/
Tomi Engdahl says:
DMV services disrupted nationwide over system outage
The American Association of Motor Vehicle Administrators said the outage was due to “a loss in cloud connectivity” on Thursday.
https://www.nbcnews.com/news/us-news/dmv-services-disrupted-nationwide-system-outage-rcna144496?fbclid=IwAR3kdiHtPztjpDX683uaHSROYRscUOBnGT6_CqvA2Rzn7_p5LEKfizk-8O4
Multiple states reported disrupted services at department of motor vehicles offices Thursday in a “national outage” that halted license-related transactions due to “a loss in cloud connectivity.”
The American Association of Motor Vehicle Administrators, a nongovernmental group that provides software to DMV offices, said Thursday: “The network that connects motor vehicle agencies across the United States to each other and to various verification services experienced an outage due to a loss in cloud connectivity.”
The outage lasted from 9:50 a.m. to 12:30 p.m. EDT, a spokesperson for the AAMVA said.
“During that time, there was no ability to process messages that support transactions of driver licenses and motor vehicle titles. This prevented a number of motor vehicle agencies from issuing driver licenses and vehicle titles during the outage,” the AAMVA said, noting it was working internally and with cloud providers to determine the “root cause” of the outage.
Tomi Engdahl says:
GhostRace CPU vulnerability threatens all major architectures — IBM and VU Amsterdam researchers detail new cross-platform speculative execution attack
News
By Christopher Harper published March 17, 2024
Speculative execution exploits are used against modern CPUs to access passwords and other confidential data.
https://www.tomshardware.com/tech-industry/cyber-security/ghostrace-cpu-vulnerability-threatens-all-major-architectures-ibm-and-vu-amsterdam-researchers-detail-new-cross-platform-speculative-execution-attack
On March 12, researchers from VUSec and IBM made a new form of speculative execution attack publicly known on Twitter, linking to a corresponding GhostRace disclosure paper hosted by VUSec. We’ll be discussing the full GhostRace disclosure document and its attached documentation in more detail below, but first, let’s take some time to clarify what a “speculative execution attack” even is.
Tomi Engdahl says:
Andy Greenberg / Wired:
Researchers reveal a hotel keycard hacking technique that lets a hacker almost instantly open RFID-based Saflok locks used in ~3M doors across 13K properties
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.
https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
On the first day of Pwn2Own Vancouver 2024, contestants earned $732,500 and a Tesla Model 3 for demoing 19 zero-day flaws across Windows 11, Tesla, and others
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
https://www.bleepingcomputer.com/news/security/windows-11-tesla-and-ubuntu-linux-hacked-at-pwn2own-vancouver/#google_vignette
On the first day of Pwn2Own Vancouver 2024, contestants demoed 19 zero-day vulnerabilities in Windows 11, Tesla, Ubuntu Linux and other devices and software to win $732,500 and a Tesla Model 3 car.
The competition started with Haboob SA’s Abdul Aziz Hariri using an Adobe Reader exploit that combined an API restriction bypass and a command injection bug to gain code execution on macOS to earn $50,000.
Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle (VEH) CAN BUS Control in under 30 seconds using an integer overflow.
Other attempts from the first day of Pwn2Own include:
DEVCORE Research Team earned a $30,000 award after escalating privileges to SYSTEM on a fully patched Windows 11 system using an exploit that targeted two bugs, including a TOCTOU race condition. They were also awarded $10,000 for demoing an already-known Ubuntu Linux local privilege escalation (LPE) exploit.
The KAIST Hacking Lab’s Seunghyun Lee hacked the Google Chrome web browser using a Use-After-Free (UAF) vulnerability to collect $60,000.
Kyle Zeng from ASU SEFCOM demoed another LPE exploit targeting Ubuntu Linux via a race condition to earn $20,000.
Cody Gallagher also won $20,000 for an Oracle VirtualBox out-of-bounds (OOB) write zero-day vulnerability.
Viettel Cyber Security’s Dungdm also hacked Oracle’s VirtualBox using a two-bug exploit chain for $20,000.
Tomi Engdahl says:
We tested five ways to find hidden cameras in hotels and house rentals
https://www.youtube.com/watch?v=h77un7ry5bY
Have you ever wondered if you’re being watched?
It’s a feeling that’s creeping in for more travelers, as stories of hidden cameras — in hotel rooms, house rentals, cruise ships, even airplane bathrooms – continue to make headlines.
Spycams were once the stuff of international espionage, with secret agents given cameras resembling pocket watches, matchbooks – even tubes of lipstick.
Pieter Tjia, founder of Singapore tech company OMG Solutions, said that cameras have become smaller and harder to see in the past three years – often hidden in everyday objects such as calculators, diffusers, and water bottles.
But how hard is it to find these cameras? And do devices designed to locate hidden cameras really work?
Tomi Engdahl says:
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance.
https://arstechnica.com/security/2024/03/hackers-can-extract-secret-encryption-keys-from-apples-mac-chips/
A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.
The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.
Beware of hardware optimizations
The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.
Tomi Engdahl says:
University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys. The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices ……
Unpatchable security flaw in Apple Silicon Macs breaks encryption
https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/?fbclid=IwAR2CA9TUgkt5l6SL94s1iQkljTN8UL3HIvX2nfVYoXKlGOx4a8wsmMVd9yE
University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys.
The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices …
Tomi Engdahl says:
“To exploit the vulnerability, an attacker would have to fool a user into installing a malicious app, and unsigned Mac apps are blocked by default.
Additionally, the time taken to carry out an attack is quite significant, ranging from 54 minutes to 10 hours in tests carried out by researchers, so the app would need to be running for a considerable time.”
Tomi Engdahl says:
https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.
Tomi Engdahl says:
https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html
Tomi Engdahl says:
QEMU Emulator Exploited as Tunneling Tool to Breach Company Network
https://thehackernews.com/2024/03/cybercriminals-utilize-qemu-emulator-as.html
Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed “large company” to connect to their infrastructure.
While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first time QEMU has been used for this purpose.
“We found that QEMU supported connections between virtual machines: the -netdev option creates network devices (backend) that can then connect to the virtual machines,” Kaspersky researchers Grigory Sablin, Alexander Rodchenko, and Kirill Magaskin said.
“Each of the numerous network devices is defined by its type and supports extra options.”
Tomi Engdahl says:
Never-before-seen Linux malware gets installed using 1-day exploits
Discovery means that NerbianRAT is cross-platform used by for-profit threat group.
https://arstechnica.com/security/2024/03/never-before-seen-linux-malware-gets-installed-using-1-day-exploits/
Tomi Engdahl says:
https://futurism.com/the-byte/satellite-spy-individual-people
Tomi Engdahl says:
PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable
https://securityonline.info/poc-releases-for-0-day-cve-2024-21762-fortigate-sslvpn-flaw-over-133k-remain-vulnerable/
Tomi Engdahl says:
New Python-Based Snake Info Stealer Spreading Through Facebook Messages
https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html
Tomi Engdahl says:
A core VMware component has a critical leak: patch immediately
Jori Virtanen, 7 March 2024 14:01 | updated 7 March 2024 14:01 | Vulnerabilities, Hackers, Information security
Chinese researchers found the vulnerabilities as part of a hacking competition.
https://www.tivi.fi/uutiset/vmwaren-ydintoiminto-vuotaa-kriittisesti-paikkaa-heti/81001000-dcbd-471e-a85f-2f62cd5053b6
Tomi Engdahl says:
Hugging Face, the GitHub of AI, hosted code that backdoored user devices
Malicious submissions have been a fact of life for code repositories. AI is no different.
https://arstechnica.com/security/2024/03/hugging-face-the-github-of-ai-hosted-code-that-backdoored-user-devices/
Tomi Engdahl says:
SIGNAL’S NEW USERNAMES HELP KEEP THE COPS OUT OF YOUR DATA
Ephemeral usernames instead of phone numbers safeguard privacy — and makes Signal even harder to subpoena.
https://theintercept.com/2024/03/04/signal-app-username-phone-number-privacy/