tldr - powered by Generative AI

Egyptian opposition politician targeted with spyware after announcing presidential bid
  • Egyptian authorities likely behind the attempted hack
  • Spyware exploit chain sent to politician's phone via SMS and WhatsApp links
  • Predator spyware turns smartphone into remote eavesdropping device
  • Cooperation from Vodafone Egypt suspected
  • Citizen Lab previously identified Egypt as a customer of Predator's maker, Cytrox
  • Incumbent President el-Sissi accused of crackdown on political opposition
Tags:  
Egypt
spyware
Hacking
political opposition
Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware

The Hacker News - 1

Categories:  security

2023-09-23  

tldr - powered by Generative AI

Three zero-day vulnerabilities were chained to install Intellexa's Predator spyware on the iPhone of a former Egyptian MP, with the exploit delivered by a network injection inside the victim's mobile network.
  • The three flaws were chained to bypass certificate validation, elevate privileges, and achieve remote code execution when the device processed maliciously crafted web content.
  • Predator, comparable to NSO Group's Pegasus, gives its operator surveillance and data-harvesting capabilities on the compromised device.
  • Delivery used a network injection attack: a Sandvine PacketLogic middlebox on the mobile network redirected the victim's browser to a malicious website.
  • The injection only works against unencrypted traffic, so the middlebox waited for the target to visit a plain-HTTP site and redirected that request to an Intellexa site that installed Predator; HTTPS visits could not be tampered with this way.
  • In parallel, SMS messages disguised as security alerts tried to lure the target into clicking malicious links.
  • The telecom ecosystem has blind spots that let an actor with operator-level access intercept network traffic and inject malware.
  • Users at risk of spyware threats are advised to keep their devices updated and to enable Lockdown Mode on Apple devices.
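The injection step in the list above hinges on the middlebox only being able to tamper with unencrypted HTTP. The following Python script is an added example, not code from Citizen Lab, Google TAG or The Hacker News: it walks a set of captured request/response pairs and flags plaintext requests that were answered with a redirect to an unrelated site, which is the shape a middlebox injection takes on the wire. The record layout, the `find_injected_redirects` and `classify` helpers and every hostname are assumptions; the traffic is constructed for illustration.

```python
"""Heuristic detector for redirect injection into plaintext HTTP traffic.

Added example, not code from Citizen Lab, Google TAG or The Hacker News.
The record layout is an assumption: each dict describes one request/response
pair as a proxy or capture tool might export it.  The traffic below is
constructed for illustration; every hostname is a placeholder.
"""
from urllib.parse import urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed sample traffic (not real captures).
SAMPLE_TRAFFIC = [
    # Benign: a site upgrades its own plaintext landing page to HTTPS.
    {"scheme": "http", "host": "news.example", "path": "/", "status": 302,
     "headers": {"Location": "https://www.news.example/"}},
    # Suspicious: a plaintext script fetch is answered with a redirect to an
    # unrelated site, which is what an on-path middlebox injection looks like.
    {"scheme": "http", "host": "cdn.shop.example", "path": "/static/app.js",
     "status": 302, "headers": {"Location": "https://update-check.invalid/sec/"}},
    # Benign: HTTPS; an on-path box cannot forge a response without breaking TLS.
    {"scheme": "https", "host": "bank.example", "path": "/login", "status": 302,
     "headers": {"Location": "https://auth.partner.example/"}},
    # Benign: ordinary plaintext 200.
    {"scheme": "http", "host": "blog.example", "path": "/post/1", "status": 200,
     "headers": {}},
    # Suspicious: plaintext landing page redirected to an unrelated host.
    {"scheme": "http", "host": "weather.example", "path": "/", "status": 302,
     "headers": {"Location": "http://verify-device.invalid/"}},
]


def registrable_domain(host):
    """Approximate the site identity by the last two DNS labels.

    A real deployment should use the Public Suffix List instead (for example
    via the third-party `publicsuffix2` package), so that a.co.uk and b.co.uk
    are not treated as the same site.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(record):
    """Return a reason string if the exchange looks injected, else None.

    Only plaintext HTTP can be rewritten by an on-path middlebox, and an
    injection shows up as a cross-site redirect the origin never sent.
    """
    if record["scheme"] != "http":
        return None
    if record["status"] not in REDIRECT_STATUSES:
        return None
    location = record["headers"].get("Location", "")
    target_host = urlsplit(location).hostname
    if not target_host:
        return None  # relative redirect stays on the same site
    if registrable_domain(target_host) == registrable_domain(record["host"]):
        return None  # same-site redirect such as an HTTP -> HTTPS upgrade
    reason = (f"plaintext request to {record['host']}{record['path']} "
              f"redirected off-site to {target_host}")
    if "." in record["path"].rsplit("/", 1)[-1]:
        # Origins rarely redirect subresource fetches (scripts, images) to
        # another site; an injector does not care what was requested.
        reason += " (subresource fetch)"
    return reason


def find_injected_redirects(records):
    """Return (host, reason) pairs for every record that classify() flags."""
    findings = []
    for record in records:
        reason = classify(record)
        if reason:
            findings.append((record["host"], reason))
    return findings


if __name__ == "__main__":
    for host, reason in find_injected_redirects(SAMPLE_TRAFFIC):
        print(f"[!] {host}: {reason}")
```

The same logic applies to any proxy or packet-capture export once it is flattened into request/response records; the practical takeaway is that a device which never makes plaintext HTTP requests gives an operator-level injector nothing to redirect, which is part of why Lockdown Mode and HTTPS-only browser settings matter here.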
Tags:  
exploit chain
vulnerabilities
spyware
surveillance tools
network injection attack
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

The Hacker News - 1

Categories:  security

2023-09-23  

tldr - powered by Generative AI

Stealth Falcon (aka FruityArmor) is a cyber espionage group that targets journalists, activists and dissidents in the Middle East. It uses spear-phishing lures to deliver custom implants capable of executing arbitrary commands, has been linked to Project Raven, a clandestine operation involving former U.S. intelligence operatives, and has previously exploited zero-day vulnerabilities in Windows and deployed a backdoor tracked as Win32/StealthFalcon. Its latest addition is a backdoor called Deadglyph, which stores its shellcode in the Windows Registry and loads it from there rather than from a file on disk. Deadglyph communicates with a command-and-control server and can execute tasks, manage modules and upload command output. It employs counter-detection mechanisms and can uninstall itself to avoid detection.
  • Stealth Falcon is a cyber espionage group targeting individuals in the Middle East.
  • It uses spear-phishing lures to deliver custom implants for executing commands.
  • It has been linked to Project Raven, a covert operation involving former U.S. intelligence operatives.
  • It has exploited zero-day vulnerabilities in Windows and used a backdoor named Win32/StealthFalcon.
  • Its latest addition is a backdoor called Deadglyph, which keeps its shellcode in the Windows Registry and extracts and loads it from there.
  • Deadglyph communicates with a command-and-control server and can execute tasks, manage modules, and upload command output.
  • It employs counter-detection mechanisms and can uninstall itself to avoid detection.
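Because Deadglyph keeps its shellcode in the Windows Registry, one hunting heuristic is to look for registry values that are both large enough to hold code and too random to be ordinary configuration. The Python below is an added example and not ESET's or The Hacker News' code; it parses a .reg export rather than the live registry so it runs anywhere, and the embedded export, the key path, the value names and the `find_suspicious_blobs` helper are constructed placeholders, not Deadglyph indicators. The size and entropy thresholds are assumptions to be tuned against a clean baseline.

```python
"""Flag registry values large and random enough to be hidden shellcode.

Added example, not ESET's or The Hacker News' code.  It works on a .reg
export (the text produced by `reg export <key> <file>`), so it runs offline;
the export embedded below is constructed for illustration and the key and
value names are placeholders, not Deadglyph indicators.
"""
import hashlib
import math
import re
from collections import Counter

# "Name"=hex:de,ad,...  (REG_BINARY); hex(7): etc. cover other binary types.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex(?:\([0-9a-fA-F]+\))?:(?P<data>.*)$')


def _pseudo_random(n, seed=b"constructed-sample"):
    """Deterministic high-entropy bytes standing in for an encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def _hex_lines(data, per_line=25):
    """Format bytes the way regedit exports REG_BINARY, with continuation lines."""
    chunks = [",".join(f"{b:02x}" for b in data[i:i + per_line])
              for i in range(0, len(data), per_line)]
    return ",\\\n  ".join(chunks)


# Constructed .reg export: a version string, a tiny flag, a large but
# low-entropy padding blob, and a large high-entropy blob (the suspect).
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[HKEY_CURRENT_USER\\Software\\SampleVendor\\Settings]",
    '"Version"="2.1"',
    '"Flags"=hex:01,00,00,00',
    '"Padding"=hex:' + _hex_lines(bytes([0x00, 0xFF]) * 300),
    '"Config"=hex:' + _hex_lines(_pseudo_random(1024)),
    "",
])


def parse_reg_binary_values(reg_text):
    """Yield (key, name, bytes) for every hex: value in a .reg export."""
    key = None
    pending = ""
    for raw in reg_text.splitlines():
        line = raw.rstrip("\r")
        if pending:  # glue a continuation line onto the value it belongs to
            line = pending + line.strip()
            pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m:
            hexdigits = m.group("data").replace(",", "").strip()
            yield key, m.group("name"), bytes.fromhex(hexdigits)


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for encrypted or compressed data, low for structured data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_suspicious_blobs(reg_text, min_size=512, min_entropy=6.0):
    """Return values that are both big enough to hold code and high-entropy.

    Thresholds are assumptions for this example; tune them against an export
    from a clean machine, since installers legitimately store large binary
    settings (usually low-entropy ones).
    """
    findings = []
    for key, name, data in parse_reg_binary_values(reg_text):
        entropy = shannon_entropy(data)
        if len(data) >= min_size and entropy >= min_entropy:
            findings.append({"key": key, "name": name, "size": len(data),
                             "entropy": round(entropy, 2)})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_blobs(SAMPLE_REG):
        print(f"[!] {f['key']}\\{f['name']}: {f['size']} bytes, "
              f"entropy {f['entropy']} bits/byte")
```

On a real host, export the hives of interest with `reg export` and decode the file as UTF-16 before passing it in, since regedit writes .reg exports as UTF-16LE. A hit only says a value looks like packed or encrypted code, so the follow-up is to find what reads that value (the loader process) rather than to treat the blob itself as the indicator.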
Tags:  
Stealth Falcon
cyber espionage
Middle East
spear-phishing
custom implants
The Shocking Data on Kia and Hyundai Thefts in the US

Wired (Security) - 1

Categories:  security

2023-09-23  

tldr - powered by Generative AI

The sharp rise in Kia and Hyundai thefts in the US is attributed to weak antitheft design, notably the lack of engine immobilizers in many models.
  • Kia and Hyundai cars have been plagued by vulnerabilities and missing protective features in their antitheft systems.
  • Recent data from 10 US cities show a significant increase in theft rates for Kia and Hyundai vehicles.
  • In some cities the theft rate for these vehicles rose by several thousand percent.
  • MGM Resorts and Caesars Entertainment have recently faced cyberattacks and data breaches.
  • Microsoft AI researchers unintentionally exposed 38 terabytes of private data on GitHub.
  • China's Ministry of State Security accuses the US government of breaching and monitoring Huawei's networks.
Tags:  
car theft
vulnerabilities
data breaches
cyberattacks
Chinese espionage
ASPM Is Good, But It's Not a Cure-All for App Security

Dark Reading - 1

Categories:  security

2023-09-23  

tldr - powered by Generative AI

ASPM is a valuable tool for managing and improving application security, but it is not a comprehensive solution.
  • ASPM helps identify and mitigate vulnerabilities in software applications.
  • Secure development practices must still be followed to prevent vulnerabilities.
  • ASPM tools have limitations and may not detect all vulnerabilities.
  • API security requires a more granular approach than ASPM provides.
  • ASPM is not a replacement for in-depth penetration testing or a strong security culture.
Tags:  
ASPM
Application Security
vulnerabilities
secure development practices
API security
New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

The Hacker News - 1

Categories:  security

2023-09-22  

tldr - powered by Generative AI

A new variant of the banking trojan BBTok is targeting users in Brazil and Mexico, mimicking the interfaces of over 40 banks to trick victims into entering their credentials. The malware uses several techniques to evade detection and performs banking fraud only on command from its control server. The threat actors behind BBTok are likely operating out of Brazil, and the malware poses a significant danger to organizations and individuals in the region.
  • BBTok is a banking trojan targeting users in Brazil and Mexico, mimicking the interfaces of over 40 banks to deceive victims.
  • The malware uses evasion techniques such as living-off-the-land binaries (LOLBins) and geofencing checks to avoid detection and analysis outside its target region.
  • BBTok connects to a remote server to receive commands and serves fake bank security-verification pages to the victim.
  • The malware aims to harvest credentials and authentication data for account takeover.
  • The operators are cautious, triggering the banking fraud only on direct command from the control server.
  • The malware has improved its obfuscation and targeting since 2020, expanding beyond Mexican banks.
  • Spanish and Portuguese strings in the source code point to operators based in Brazil.
  • An SQLite database found on the server hosting the payload-generation component listed more than 150 infected users.
  • The Israeli cybersecurity company Check Point has also reported a large-scale phishing campaign targeting companies in Colombia, aiming to deploy the Remcos RAT.
  • Remcos RAT grants attackers full control over infected computers and can lead to data theft, follow-up infections, and account takeover.
Tags:  
BBTok
banking trojan
Brazil
Mexico
evasion techniques
TikTok API Rules Stymie Analysis of US User Data, Academics Say

Dark Reading - 1

Categories:  security

2023-09-22  

tldr - powered by Generative AI

New terms of service for researchers accessing TikTok's API hinder analysis of data security and social impact for US users.
  • Access to TikTok's API data is crucial for investigating the effects of misinformation on elections and for understanding how emergency information reaches the public during natural disasters.
  • The new terms of service require researchers to give TikTok publication review over their findings and refresh their data every 15 days.
  • TikTok claims to support independent research but imposes stricter access requirements compared to competitors.
  • The main concern is TikTok's relationship with the Chinese government and its access to US user data.
Tags:  
TikTok
data security
social impact
researchers
Terms of Service

tldr - powered by Generative AI

Apple has released security patches for three actively exploited zero-day flaws in its software, bringing the number of zero-days it has patched this year to 16.
  • Apple has released security patches for three actively exploited zero-day flaws in its software.
  • The vulnerabilities affect iOS, iPadOS, macOS, watchOS, and Safari.
  • They are the same three flaws chained in the Predator exploit used against an Egyptian ex-MP, reported above.
  • The total number of zero-day bugs Apple has patched this year is now 16.
Tags:  
Apple
security patches
zero-day flaws
exploited vulnerabilities
cyber threats

tldr - powered by Generative AI

Recast Software's acquisition of Liquit consolidates the endpoint and application management markets, offering customers a complete application delivery platform and strengthening the company's position in IT management.
  • Recast Software can now provide a comprehensive suite of solutions for application management and endpoint security, simplifying IT operations for professionals.
  • The acquisition will drive innovation in IT management, bringing new solutions to market faster.
  • Customers will benefit from access to a broader range of tools and resources, optimizing their IT operations.
  • The expanded company will have a greater global presence and increased service capabilities.
  • The acquisition reflects the dedication and hard work of Liquit's team and marks a significant milestone in their journey.
Tags:  
Recast Software
Liquit
Endpoint Management
application management
IT professionals

tldr - powered by Generative AI

ClassLink has released a cybersecurity training course to help schools protect their Google Workspace directory data from scraping.
  • ClassLink unveils its 'Scope Your Google Directory' course to protect schools from directory scraping.
  • Directory scraping can lead to data breaches, phishing attacks, identity theft, and privacy violations.
  • Directory scoping, which limits which users and attributes are visible in the directory, is an effective strategy to reduce the exposure of sensitive data.
  • The course equips educational institutions with the knowledge and tools to secure their Google directory.
  • It enables schools to take the necessary steps against data scraping to keep their data secure.
Tags:  
directory scraping
data breaches
phishing attacks
identity theft
data privacy