PhishMail

PhishMail Your Cyber Security Headlines

06/11/2023

Once upon a time, there lived a brave knight named Sir Arthur. He was a proud and noble knight who was determined to battle evil and save his kingdom. One day, he was summoned to a distant land in order to help protect a beautiful princess from an evil wizard. With his trusty sword and shield in hand, Sir Arthur set off on an exciting and perilous journey to save the princess. Will he succeed? Find out in the thrilling story of Sir Arthur and the Princess!

17/10/2023

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
------------------------------------------------------

In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure.

Discord, in recent years, has become a lucrative target, acting as a fertile ground for hosting malware using its content delivery network (CDN) as

Nation-state hackers are turning to Discord! Discover how they're using this social platform for potential cyber-espionage.

17/10/2023

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
------------------------------------------------------

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems.

The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10.

Sonar security researcher Thomas Chauchefoin, who discovered the bugs,

Two major vulnerabilities in open-source CasaOS personal cloud software could allow attackers to gain full control of your system.

17/10/2023

Webinar: Locking Down Financial and Accounting Data — Best Data Security Strategies
------------------------------------------------------

Financial data is much more than just a collection of numbers; it is a crucial component of any business and a prime target for cybercriminals. It's important to understand that financial records can be a veritable treasure trove for digital pirates.

A security breach not only puts customers' personal information in jeopardy but also enables fraudsters to drain company funds and exploit clients.

Financial data is more than numbers; it's the lifeblood of your business. Learn how to shield it from cyber threats in our upcoming webinar. Don't miss

17/10/2023

Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge
------------------------------------------------------

Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark corners of the internet, pose a distinctive threat to the world of digital security. In this article, we will look at the nature of Generative AI fraud, analyze the messaging surrounding these creations,

The cybersecurity world faces a new threat: malicious Generative AI, including FraudGPT & WormGPT. How do they impact our digital safety?

17/10/2023

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
------------------------------------------------------

A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal.

Tracked as CVE-2023-43261 (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7 that could enable attackers to access

Milesight's industrial routers risk unauthorized web interface access, while Titan MFT and Titan SFTP servers face remote

17/10/2023

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
------------------------------------------------------

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023.

The agency is tracking the activity under the name UAC-0165, stating the intrusions led to service interruptions for customers.

The starting point of the attacks is a reconnaissance phase in

Ukraine's CERT-UA discovered threat actors targeting 11 telecom providers between May and September 2023. The attacks caused service interruptions.

17/10/2023

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild
------------------------------------------------------

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild.

Rooted in the web UI feature, the zero-day vulnerability is assigned as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system.

It’s worth pointing out that the shortcoming only affects enterprise networking gear that has

Cisco alerts about a critical unpatched zero-day security vulnerability in its IOS XE software that's under active exploitation.

16/10/2023

Fraudsters target Booking.com customers claiming hotel stay could be cancelled
------------------------------------------------------

One of the world's largest online travel agencies, Booking.com, is being used by fraudsters to trick hotel guests into handing over their payment card details.

How do I know? The fraudsters tried the trick with me.


16/10/2023

Israelis told to secure their home security cameras against hackers
------------------------------------------------------

The Government of Israel has told the owners of private home security cameras to urgently secure them against being hacked, in the wake of a dramatic heightening of the conflict between Israel and Hamas.


16/10/2023

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign
------------------------------------------------------

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems.

"The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as

WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!

16/10/2023

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls
------------------------------------------------------

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features.

Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure.

Besides requesting invasive permissions to access call logs, camera, SMS messages, and external

Discover the dangerous capabilities of SpyNote, an Android banking trojan. It records audio, logs keystrokes, SMS messages, and captures screenshots.

16/10/2023

Signal debunks online rumours of zero-day security vulnerability
------------------------------------------------------

Over the weekend rumours circulated on social networks of an unpatched security hole in the Signal messaging app that could allow a remote hacker to seize control of your smartphone.

But were they true?

Read more in my article on the Hot for Security blog.


16/10/2023

The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)
------------------------------------------------------

SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. “SaaS Security on Tap” is a new video series that takes place in Eliana V's bar making sure that the only thing that leaks is beer (

SaaS Security breaches often stem from misconfigured settings. Learn how 'SaaS Security on Tap' video series tackles the key concepts.

16/10/2023

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence
------------------------------------------------------

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim.

"After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted on X (formerly

🔒 Signal refutes viral reports of a zero-day flaw in its encrypted messaging app. Extensive investigation found no evidence to support the claim.

16/10/2023

Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign
------------------------------------------------------

Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting."

The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs.

The novel twist marks the latest iteration in an ongoing campaign that leverages compromised WordPress sites to serve unsuspecting

Malicious actors are using Binance's Smart Chain (BSC) contracts to host malicious code and serve it on compromised WordPress

14/10/2023

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
------------------------------------------------------

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolsters security.

"The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include

Microsoft plans to phase out the '90s NT LAN Manager (NTLM) in favor of a stronger focus on Kerberos for authentication in Windows 11.

13/10/2023

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders
------------------------------------------------------

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD.

Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also

A new cyber campaign targets EU military & political leaders focusing on gender equality. The cyber collective behind it blurs lines between financial

13/10/2023

Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration
------------------------------------------------------

The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities.

The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against high-profile entities in Europe and Asia for nearly three

Kaspersky sheds light on hacking group ToddyCat's latest arsenal of tools. Designed for data theft, their tactics are more advanced than ever.

13/10/2023

Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?
------------------------------------------------------

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to bypass common defense strategies effectively.

This article will cover just some of those new developments in Q3-2023 as well as give predictions on quarters to

Ransomware attacks have evolved in Q3-2023, employing new techniques to bypass defenses. Discover the strategies ransomware groups have been adopting.

13/10/2023

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure
------------------------------------------------------

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023.

That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's

The FBI and CISA issue advisory on AvosLocker ransomware gang. They use open-source tools, leave minimal traces.

13/10/2023

DarkGate Malware Spreading via Messaging Services Posing as PDF Files
------------------------------------------------------

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams.

In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware.

"It's

DarkGate malware is now spreading through instant messaging apps like Skype & Microsoft Teams.

13/10/2023

After hackers distribute malware in game updates, Steam adds SMS-based security check for developers
------------------------------------------------------

Valve, the company behind the Steam video game platform, has announced a new security feature after multiple reports of game updates being poisoned with malware.

But have they chosen the best way to protect developers' accounts?

Read more in my article on the Hot for Security blog.


12/10/2023

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
------------------------------------------------------

A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT.

The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called Pathoschild.Stardew.ModBuildConfig, software supply chain security firm Phylum said in a report today.

While

Malicious NuGet package distributing SeroXen RAT targets .NET developers.

12/10/2023

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
------------------------------------------------------

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware.

"The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value," the AhnLab Security Emergency response Center (ASEC)

Ever heard of an IP address in hexadecimal notation? It's the latest disguise hackers use to deploy DDoS malware on Linux systems.

12/10/2023

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack
------------------------------------------------------

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023.

The tech giant's threat intelligence team is tracking the operator as Storm-1567.

The attack leveraged devices that were not onboarded to Microsoft

Microsoft's Defender for Endpoint recently stopped a major encryption attempt by Akira ransomware

12/10/2023

How to Guard Your Data from Exposure in ChatGPT
------------------------------------------------------

ChatGPT has transformed the way businesses generate textual content, which can potentially result in a quantum leap in productivity. However, Generative AI innovation also introduces a new dimension of data exposure risk, when employees inadvertently type or paste sensitive business data into ChatGPT, or similar applications. DLP solutions, the go-to solution for similar challenges, are

Employee usage of GenAI apps like ChatGPT surged by 44% in just 3 months! But at what cost to data security? Dive into LayerX's report for insights

12/10/2023

Researchers Uncover Malware Posing as WordPress Caching Plugin
------------------------------------------------------

Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades as a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site.

"Complete with a professional looking opening comment implying it is a caching plugin, this rogue code contains numerous functions, adds filters to prevent itself from being included in the list

A new malware disguises as a WordPress caching plugin, secretly creating admin accounts to control your site.

12/10/2023

Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants
------------------------------------------------------

High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware.

Cybersecurity company Check Point is tracking the activity under the name Stayin' Alive. Targets include organizations located in Vietnam, Uzbekistan, Pakistan, and Kazakhstan.

"The simplistic

Cybersecurity experts uncover an ongoing threat to government and telecom entities in Asia.

12/10/2023

Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
------------------------------------------------------

Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution.

The list of vulnerabilities is as follows -

CVE-2023-38545 (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability

CVE-2023-38546 (CVSS score: 5.0) - Cookie injection with none file

CVE-2023-38545 is the more severe of the

Security Advisory: Two major security flaws in the Curl data transfer library exposed.

12/10/2023

Smashing Security podcast #343: Four-legged girlfriends, LoveGPT, and a military intelligence failure
------------------------------------------------------

Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.


11/10/2023

That day you find you’re suddenly in charge of Facebook’s official UK account
------------------------------------------------------

Facebook's official UK account was compromised on Friday evening by a cricket lover, who was seemingly just as surprised as the rest of us...


11/10/2023

Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
------------------------------------------------------

Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password

Protecting your organization starts with strong passwords. Learn why password reuse is a serious threat and how to combat it effectively.

11/10/2023

Securing the future of Industry 4.0: WALLIX white paper reveals key strategies – get your copy today!
------------------------------------------------------

Graham Cluley Security News is sponsored this week by the folks at WALLIX. Thanks to the great team there for their support! In the rapidly evolving landscape of Industry 4.0, marked by rapid innovation and unparalleled connectivity, safeguarding your critical assets is non-negotiable. As industries like Manufacturing, Utilities, Energy, and Transportation undergo profound digital transformations, … Continue reading "Securing the future of Industry 4.0: WALLIX white paper reveals key strategies – get your copy today!"


11/10/2023

U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability
------------------------------------------------------

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the

Adobe Acrobat Reader users, beware! CISA adds high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities list.

11/10/2023

Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
------------------------------------------------------

More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August.

Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin (CVE-2023-3169, CVSS score: 6.1) that could be exploited by unauthenticated users to

Over 17,000 WordPress sites hit by Balada Injector malware in Sept 2023, double the August numbers

11/10/2023

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
------------------------------------------------------

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild.

Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September.

The two

Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.

11/10/2023

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
------------------------------------------------------

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy).

The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.

"CVE-2023-22515 is a critical privilege escalation vulnerability in

A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.
