Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors. ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical servers in a network. In a ransomware attack, having full administrative permission on an ESXi hypervisor can mean that the threat actor can encrypt the file system, which may affect the ability of the hosted servers to run and function. It also allows the threat actor to access hosted VMs and possibly to exfiltrate data or move laterally within the network.
Not only is TikTok’s algorithm promoting Neo-Nazi content, extremist organizations are also using the platform to recruit new members and encourage real-world action.
#content #extremism #media #moderation #nazis #social #tiktok
LummaC2 is an Infostealer that is being actively distributed, disguised as illegal programs (e.g. cracks, keygens, and game hacking programs) available from distribution websites, YouTube, and LinkedIn using the SEO poisoning technique. Recently, it has also been distributed via search engine ads, posing as web pages of Notion, Slack, Capcut, etc.
Reference: Distribution of MSIX Malware Disguised as Notion Installer
Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States.
#Computer #Facebook #InfoSec #Instagram #Media #Meta #Scam #Security #Sextortion #Social
Engineers at Southwest Research Institute have identified cybersecurity vulnerabilities with electric vehicles (EVs) using direct current fast-charging systems, the quickest, commonly used way to charge electric vehicles. The high-voltage technology relies on power line communication (PLC) technology to transmit smart-grid data between vehicles and charging equipment.
In a laboratory, the SwRI team exploited vulnerabilities in the PLC layer, gaining access to network keys and digital addresses on both the charger and the vehicle.
This report delves into Doppelgänger information operations conducted by Russian actors, focusing on their activities from early June to late-July 2024. Our investigation was motivated by the unexpected snap general election in France, prompting a closer look at Doppelgänger activities during this period.
While recent activities have been described since1,2, our first dive into the information operations topic offers a complementary threat-intelligence analysts’ perspective on the matter, brings additional knowledge on associated infrastructure, tactics and motivation in Europe and the United States.
SeleniumGreed is an active crypto-mining campaign targeting older versions of Grid services. Explore the risks, attack methods, and essential security measures.
Wiz Research has detected an ongoing threat campaign that exploits exposed Selenium Grid services for cryptomining, dubbed “SeleniumGreed”.
Selenium is among the most commonly used testing frameworks. Our data shows that the technology can be found in 30% of cloud environments, and the official selenium/hub docker image has over 100 million pulls in Docker Hub.
Unbeknownst to most users, Selenium WebDriver API enables full interaction with the machine itself, including reading and downloading files, and running remote commands.
By default, authentication is not enabled for this service. This means that many publicly accessible instances are misconfigured and can be accessed by anyone and abused for malicious purposes.
We have identified a threat actor targeting publicly exposed instances of Selenium Grid and leveraging features of Selenium WebDriver API to run Python with a reverse shell to deploy scripts that download a XMRig miner.
The threat actor is still active as of this blog post’s date of publication.
We believe this is the first documentation of this misconfiguration being exploited in the wild.
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.
In this blog post, we examine the recent CrowdStrike outage and provide a technical overview of the root cause. We also explain why security products use kernel-mode drivers today and the safety measures Windows provides for third-party solutions. In addition, we share how customers and security vendors can better leverage the integrated security capabilities of Windows for increased security and reliability. Lastly, we provide a look into how Windows will enhance extensibility for future security products.
The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users.
The National Crime Agency has infiltrated a significant DDoS-for-hire service which has been responsible for tens of thousands of attacks every week across the globe.
The disruption targeting digitalstress.su, a criminal marketplace offering DDos capabilities, was made in partnership with the Police Service of Northern Ireland.
It comes after the PSNI arrested one of the site’s suspected controllers earlier this month.
The following estimates are calculated using data from the NVD Dashboard. At the time of this reports generation, NVD's 2024 daily average for analyzing new CVEs is 30.27. There is a current backlog of 16777 CVEs awaiting analysis. With an average influx of 111.07 new CVEs per day, a daily average of 217.93 analyses is required to clear this backlog and process new CVEs. Currently, NVD is falling short of this goal by 187.66 CVEs a day. Given this data, if the current daily rate of CVE analysis persists, the projected number of CVEs awaiting analysis by the end of 2024 will be 29462.6.
Microsoft has started responding with changes it wants to see in the wake of the CrowdStrike botched update. It looks like Windows kernel access is on the agenda.
The Internet Systems Consortium (ISC) released BIND security updates that fixed remotely exploitable DoS bugs in the DNS software suite.
PKfail is a zero day disclosure detected by the Binarly REsearch Team and responsibly disclosed.
Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.
Hacking Group Known as “Andariel” Used Ransom Proceeds to Fund Theft of Sensitive Information from Defense and Technology Organizations Worldwide, Including U.S. Government Agencies
Key Attack Insights:
