Kategorie

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi, and infrastructure," Palo Alto THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware Attack / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET said in a new report shared with The Hacker News. "This combinationTHNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Espionage / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comZero Day / Vulnerability 37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number," THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation.  This testing is critical for evaluating vendors because it’s virtually impossible to evaluate cybersecurity vendors based on their own The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comMITRE ATT&CK / Cybersecurity37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Attack / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserializationTHNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comServer Security / Vulnerability37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comZero Day / Vulnerability 37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunic koation providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as a vehicle to deploy a novel implant called LuaDream. "The activities we THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comTelecom Security / Cyber Attack37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Posted by Martin Geisler, Android team

Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits:

• Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such as confidence in the code quality and ease of code review.
• Security: There has been a reduction in memory safety vulnerabilities as we shift more development to memory safe languages.

These positive early results provided an enticing motivation to increase the speed and scope of Rust adoption. We hoped to accomplish this by investing heavily in training to expand from the early adopters.

Scaling up from Early Adopters

Early adopters are often willing to accept more risk to try out a new technology. They know there will be some inconveniences and a steep learning curve but are willing to learn, often on their own time.

Scaling up Rust adoption required moving beyond early adopters. For that we need to ensure a baseline level of comfort and productivity within a set period of time. An important part of our strategy for accomplishing this was training. Unfortunately, the type of training we wanted to provide simply didn’t exist. We made the decision to write and implement our own Rust training.

Training Engineers

Our goals for the training were to:

• Quickly ramp up engineers: It is hard to take people away from their regular work for a long period of time, so we aimed to provide a solid foundation for using Rust in days, not weeks. We could not make anybody a Rust expert in so little time, but we could give people the tools and foundation needed to be productive while they continued to grow. The goal is to enable people to use Rust to be productive members of their teams. The time constraints meant we couldn’t teach people programming from scratch; we also decided not to teach macros or unsafe Rust in detail.
• Make it engaging (and fun!): We wanted people to see a lot of Rust while also getting hands-on experience. Given the scope and time constraints mentioned above, the training was necessarily information-dense. This called for an interactive setting where people could quickly ask questions to the instructor. Research shows that retention improves when people can quickly verify assumptions and practice new concepts.
• Make it relevant for Android: The Android-specific tooling for Rust was already documented, but we wanted to show engineers how to use it via worked examples. We also wanted to document emerging standards, such as using thiserror and anyhow crates for error handling. Finally, because Rust is a new language in the Android Platform (AOSP), we needed to show how to interoperate with existing languages such as Java and C++.

With those three goals as a starting point, we looked at the existing material and available tools.

Existing Material

Documentation is a key value of the Rust community and there are many great resources available for learning Rust. First, there is the freely available Rust Book, which covers almost all of the language. Second, the standard library is extensively documented.

Because we knew our target audience, we could make stronger assumptions than most material found online. We created the course for engineers with at least 2–3 years of coding experience in either C, C++, or Java. This allowed us to move quickly when explaining concepts familiar to our audience, such as "control flow", “stack vs heap”, and “methods”. People with other backgrounds can learn Rust from the many other resources freely available online.

Technology

For free-form documentation, mdBook has become the de facto standard in the Rust community. It is used for official documentation such as the Rust Book and Rust Reference.

A particularly interesting feature is the ability to embed executable snippets of Rust code. This is key to making the training engaging since the code can be edited live and executed directly in the slides:

In addition to being a familiar community standard, mdBook offers the following important features:

• Maintainability: mdbook test compiles and executes every code snippet in the course. This allowed us to evolve the class over time while ensuring that we always showed valid code to the participants.
• Extensibility: mdBook has a plugin system which allowed us to extend the tool as needed. We relied on this feature for translations and ASCII art diagrams.

These features made it easy for us to choose mdBook. While mdBook is not designed for presentations, the output looked OK on a projector when we limited the vertical size of each page.

Supporting Translations

Android has developers and OEM partners in many countries. It is critical that they can adapt existing Rust code in AOSP to fit their needs. To support translations, we developed mdbook-i18n-helpers. Support for multilingual documentation has been a community wish since 2015 and we are glad to see the plugins being adopted by several other projects to produce maintainable multilingual documentation for everybody.

Comprehensive Rust

With the technology and format nailed down, we started writing the course. We roughly followed the outline from the Rust Book since it covered most of what we need to cover. This gave us a three day course which we called Rust Fundamentals. We designed it to run for three days for five hours a day and encompass Rust syntax, semantics, and important concepts such as traits, generics, and error handling.

We then extended Rust Fundamentals with three deep dives:

• Rust in Android: a half-day course on using Rust for AOSP development. It includes interoperability with C, C++, and Java.
• Bare-metal Rust: a full-day class on using Rust for bare-metal development. Android devices ship significant amounts of firmware. These components are often foundational in nature (for example, the bootloader, which establishes the trust for the rest of the system), thus they must be secure.
• Concurrency in Rust: a full-day class on concurrency in Rust. We cover both multithreading with blocking synchronization primitives (such as mutexes) and async/await concurrency (cooperative multitasking using futures).

A large set of in-house and community translators have helped translate the course into several languages. The full translations were Brazilian Portuguese and Korean. We are working on Simplified Chinese and Traditional Chinese translations as well.

Course Reception

We started teaching the class in late 2022. In 2023, we hired a vendor, Immunant, to teach the majority of classes for Android engineers. This was important for scalability and for quality: dedicated instructors soon discovered where the course participants struggled and could adapt the delivery. In addition, over 30 Googlers have taught the course worldwide.

More than 500 Google engineers have taken the class. Feedback has been very positive: 96% of participants agreed it was worth their time. People consistently told us that they loved the interactive style, highlighting how it helped to be able to ask clarifying questions at any time. Instructors noted that people gave the course their undivided attention once they realized it was live. Live-coding demands a lot from the instructor, but it is worth it due to the high engagement it achieves.

Most importantly, people exited this course and were able to be immediately productive with Rust in their day jobs. When participants were asked three months later, they confirmed that they were able to write and review Rust code. This matched the results from the much larger survey we made in 2022.

Looking Forward

We have been teaching Rust classes at Google for a year now. There are a few things that we want to improve: better topic ordering, more exercises, and more speaker notes. We would also like to extend the course with more deep dives. Pull requests are very welcome!

The full course is available for free at https://google.github.io/comprehensive-rust/. We are thrilled to see people starting to use Comprehensive Rust for classes around the world. We hope it can be a useful resource for the Rust community and that it will help both small and large teams get started on their Rust journey!

Thanks!

We are grateful to the 190+ contributors from all over the world who created more than 1,000 pull requests and issues on GitHub. Their bug reports, fixes, and feedback improved the course in countless ways. This includes the 50+ people who worked hard on writing and maintaining the many translations.

Special thanks to Andrew Walbran for writing Bare-metal Rust and to Razieh Behjati, Dustin Mitchell, and Alexandre Senges for writing Concurrency in Rust.

We also owe a great deal of thanks to the many volunteer instructors at Google who have been spending their time teaching classes around the globe. Your feedback has helped shape the course.

Finally, thanks to Jeffrey Vander Stoep, Ivan Lozano, Matthew Maurer, Dmytro Hrybenko, and Lars Bergstrom for providing feedback on this post.

The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's developers are operating at an extremely high development cadence," Cado Security researcher Matt Muir THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comBotnet / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a “hub” app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the permission scopes that are granted to the third party apps, and the potential The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comSaaS Security / App Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. This report contains the key findings of our research.

Attack vectors

There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services.

Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Brute-force attacks on services that use SSH, a more advanced protocol that encrypts traffic, can yield similar outcomes. However, it takes more resources to attack SSH, while the number of services accessible online is smaller compared to Telnet.

In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH. The majority of infected devices that carried out these attacks were traced to China, India, and the United States, while China, Pakistan, and Russia were the most actively attacking countries.

Ten countries and territories where most devices that attacked Kaspersky honeypots were located, H1 2023 (download)

Ten countries and territories where most attacks on Kaspersky honeypots came from, H1 2023 (download)

Brute-force attacks are fairly common as Telnet and SSH services running on IoT devices typically use widely known default passwords. Unfortunately, users tend to leave these passwords unchanged. As if that were not enough, many IoT devices have unalterable main passwords set by manufacturers.

Another way of compromising a device is by leveraging vulnerabilities in the services that run on it. Injecting malicious code into requests sent to the web interface is the most common way of exploiting vulnerabilities. The consequences of these attacks can be substantial, such as in the case of a vulnerability in the TR-064 protocol implementation used by ISPs to automate configuration of devices on the LAN. The security flaw enabled unauthenticated transmission of TR-064 packets, resulting in the proliferation of the Mirai malware.

Regardless of the compromising technique, IoT devices may come under attack both from malicious actors’ own servers and from malware through so-called self-spreading, whereby malicious files seek out vulnerable devices online and implant copies onto them through diverse means. In the latter scenario, the attack may also originate from an IoT device infected earlier.

Dark web services: DDoS attacks, botnets, and zero-day IoT vulnerabilities

Of all IoT-related services offered on the dark web, DDoS attacks are worth examining first. Botnets made up of IoT devices and utilized for distributed DoS attacks have become more prevalent on dark web forums and are in high demand among hackers.

See translation

I’m the world’s best-known DDoS attacker for hire (getting ahead of myself here). Not going to waffle — I’ll just tell you why it is my service you should choose.
Our advantages:
1. Botnet based on Medusa, working since 2020. Starts ~50 browser instances per Windows PC which evade any anti-DDoS defense.
10,000–80,000 online devices: the largest Windows or IoT botnet in 2023.

In the first half of 2023, Kaspersky Digital Footprint Intelligence service analysts discovered a total of more than 700 ads for DDoS attack services posted on various dark web forums.

DDoS ads distributed by month, H1 2023 (download)

The price of a service like that is driven by numerous factors that determine attack complexity, such as DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side. The overall cost of an attack varies between $20 per day and $10,000 per month. The average price charged by those who posted the ads was $63.5 per day, or $1350 per month.

Another type of service sold on the dark web is IoT hacking. Cybercriminals seek exploits for zero-day vulnerabilities in IoT devices.

See translation

Will buy 0day/1day RCE in IoT
Escrow

See translation

Hi,
I want to buy IoT exploits with devices located in Korea
Any architecture

There are also offers to purchase and sell IoT malware on dark web forums, often packaged with infrastructure and supporting utilities. In the screenshot below, the vendor is offering a homebrew DDoS bot complete with a C2 server and software for uploading the malware via Telnet or SSH:

See translation

Selling Linux IoT bot. Tested, tried.
Comes with a manual and network startup kit.
What’s in the box:
C2 server
The bot
Telnet brute force
Telnet/SSH loader
Payload generator (one-line commands for installing the bot)
2 .sh scripts: utility and bot compilers
Bot compiles for several systems at once to support routers, etc.

As for the bot itself:
TCP/UDP flood (tcp – syn, ack, syn|ack, ack|psh, all)
If C2 down, will try to reconnect until successful
Optional signed commands in case C2 gets stolen
Command to kill all bots in the system
Autorun via /etc/init.d
Not a Mirai fork. C2 based on qBot
Price: $200

Below that, you can see a screenshot of an ad where the poster seeks both malware and help with installing it.

See translation

Looking for functional IoT botnets with brute force, etc. Working/updated mirai/qbot mod will work.
Also looking for help installing these

In some cases, sellers or buyers specify the target type of IoT device.

See translation

Buy IoT Botnet / IoT Miner
Will buy IoT botnet or miner. Custom-written or modified public.
Stable ping / miner profitability is what matters. After-purchase support is a plus =)
Key targets: webcams, routers.
Price: varies with features and detects. From $100 to […] First contact via PM.

Screenshot of an ad from the Kaspersky Threat Intelligence Portal stream

In rare instances, networks of pre-infected devices are also available for purchase on dark web forums. However, adverts of this nature are infrequent. For instance, the user in the screenshot below is searching for a new owner for a botnet of 200 routers and cameras located in Argentina.

See translation

Hey all! I have a tad over 200 iot devices in Argentina, mostly webcams and routers. I know the routers can be sold, but what about the webcams? Where do I find buyers? Found one while browsing forums, but they wouldn’t reply.

Objectives and types of malware that attacks the IoT

Bad actors who infect IoT devices may be pursuing diverse goals. They may be looking to exploit the infected hardware as a tool to launch cyberattacks, camouflage malicious traffic, leverage the resources of the devices for crypto mining, or demand a ransom to restore access to the device. Some may attack any IoT device, while others, only certain types of hardware that are capable of serving their objectives. Below, we provide an overview of purpose-specific types of IoT malware.

DDoS botnets

Trojans that hijack a device and use it to initiate DoS attacks targeting various services are the most frequently observed type of IoT malware. For DDoS malware, the targeted device type is irrelevant, as each device is capable of fulfilling the attacker’s goal: sending requests over the Web. Although most of these malicious programs stem from modified Mirai code, there are many other families that differ in their techniques for spreading and gaining persistence.

For example, RapperBot, although utilizing some portions of the Mirai code base, consists mostly of original code. Its capabilities include smart brute-forcing by analyzing the initial request for authentication data it receives from a Telnet service. The malware can use that request to identify the device type and proceed to brute-force passwords specific to that type only, thereby boosting its self-spreading performance.

Ransomware

Unlike DDoS malicious programs, ransomware largely targets IoT devices that contain user data: NAS boxes. DeadBolt, which affected thousands of QNAP NAS devices in 2022, is a prominent example of IoT ransomware. The attack took advantage of CVE-2022-27593, a vulnerability that allowed bad actors to modify system files on the box. User files were encrypted, with the device’s interface displaying a ransom note demanding payment of 0.03 BTC to recover the data. Although the manufacturer issued an update that resolved the vulnerability, similar attacks remain a concern.

Miners

Attackers made attempts at using IoT devices for Bitcoin mining during Mirai campaigns, despite their low processing power. The practice has not become widespread due to relative inefficiency.

DNS changer

Malicious actors may use IoT devices to target users who connect to them. A 2022 campaign known as Roaming Mantis, or Shaoye, spread an Android app whose capabilities included modifying DNS settings on Wi-Fi routers through the administration interface. Any router still using the default access credentials, like admin:admin, could be infected. On such a device, the configuration would be altered to make it use the operators’ DNS server. This server then redirects all users who connect to the router to a website that uploaded malicious APK files to Android devices and displayed phishing pages on iOS devices.

Proxy bots

Another widespread way of abusing infected IoT devices is to leverage them as proxy servers that redirect malicious traffic, making it difficult to track. These proxy servers are mostly employed for spam campaigns, evasion of antifraud systems, and various network attacks.

IoT malware: competition and persistence

IoT malware is notable for a huge diversity of families derived from Mirai, which was first discovered in 2016. The source code of Mirai was posted on a dark web forum, encouraging hundreds of modifications that appeared within a short time, using various DDoS techniques, brute-force dictionaries, and vulnerabilities leveraged for self-spreading.

The significant number of players resulted in fierce competition among cybercriminals: both those who specialized in DDoS attacks and those who targeted the IoT at large. Consequently, malware developers started to add features intended to neutralize competing products on the infected device and prevent further infection by competitors.

The most commonly used preemptive tactic is adding firewall rules that block incoming connection attempts. Less frequently, remote device management services will be shut down. Malware that arrives late to the party will search for certain process names, scan ports, and analyze the device memory for malicious patterns to suppress infections already present on the device. Processes associated with competitors will be terminated and files, deleted, as hackers vie for control over the device.

Other threats stemming from the lack of IoT device security

Attackers have shown interest in Web-connected video cameras, as evidenced in ads for buying and selling access to compromised IoT devices. Various ways exist to monetize Illicit access to webcams. Cameras may be hacked for their CPU power only, to mine crypto, or to install DDoS utilities. They can be made to serve as routers (proxies or VPN servers) to anonymize illicit traffic. Some hackers even use them as, well, web cameras.

An illustration of that is a recent incident involving a Moscow Oblast, Russia resident who found that private footage shot by a camera she had purchased on AliExpress to monitor her dog has somehow found its way onto some Chinese websites.

Security researcher Paul Marrapese who has studied the consumer webcam segment says security holes are not uncommon. Regrettably, vendors could have done a much better job fixing those. Paul has discovered critical vulnerabilities in the firmware and protocols of certain webcam models, and one of the vendors he contacted never even got back to him to discuss remediation.

It is worth mentioning that manufacturers of such cameras often employ various implementations of peer-to-peer (P2P) protocols, such as Shenzhen Yunni iLnkP2P or CS2 Network P2P, which they share with more than 50 million other devices. These protocols either poorly encrypt traffic or use no encryption at all, exposing devices to man-in-the-middle (MitM) attacks. An attacker can easily eavesdrop on device traffic and steal user credentials or redirect the video stream.

According to a study by Trend Micro, peeping into webcam owners’ private lives is anything but rare. However, it is worth noting that aside from cameras, a variety of other IoT devices may be used for snooping. For example, despite their primary function not being related to video surveillance, most smart pet feeders on the market can capture real-time audio and video footage. While their popularity is soaring and new models are coming out to fulfill rising demand, vendors often neglect to protect these devices properly. Our recent test of a popular smart feeder model exposed a massive number of security vulnerabilities. Exploiting these weaknesses enables the device to be used for spying on pet owners, in addition to creating other opportunities for hackers.

Kids’ smart devices are another category of IoT devices that calls for increased focus on security. Sadly, some vendors do not take this seriously. We witnessed the lack of security in these devices for the first time when a maker of smartwatches commissioned our Product Security Maturity Assessment using the IoT Security Maturity Model approach developed by the Industry IoT Сonsortium. The vendor failed the test as security issues that we found were bad enough to essentially convert the product into a surveillance tool for watching the kid and their surroundings. Therefore, we did not issue a certificate.

Issues of inadequate security plague both consumer and industrial IoT devices. The latter may also contain basic security flaws, and their vendor-recommended settings may be unsafe.

The most common configuration issue in industrial IoT devices is using default passwords. For example, one manufacturer of media converters used for connecting elevator equipment to control room monitoring systems supplied these along with highly unsafe connection and configuration tips in the service documentation. On top of that, our researchers found that the devices themselves contained vulnerabilities that could be exploited even by not-so-highly-skilled hackers to assume full control of the converter. The recommendations were later updated to remove the insecure settings. However, the device vendor, who initially showed promptness in fixing security issues, soon lost all of that responsible spirit. As a result, many of the vulnerabilities we discovered remain unpatched to this day, over a year after receiving the notice from us.

One might get the impression that we consider all IoT devices insecure and the vendors, neglectful of the culture of secure development. That is not quite so. As an example, Bosch has attained our product security maturity certificate for a smart camera intended for industrial applications. We would really like all vendors of IoT devices intended for both consumers and industrial users to prioritize the cybersecurity of their products as much as they can.

Conclusion

IoT devices attract hackers for many reasons: they can be used to carry out DDoS attacks, camouflage traffic, or snoop on owners through built-in webcams. Similarly, NAS boxes may be targeted by ransomware gangs, and routers, by malicious actors who are after devices that connect to those, including smartphones on public Wi-Fi networks or other devices on the victim’s LAN.

Besides relentlessly attacking the IoT, hackers offer their services on the dark web market. That said, most connected devices, including those in industrial environments, remain easy prey due to the use of default passwords and the presence of device vulnerabilities, some of which the vendors never get to fixing. Vendors of both home and industrial IoT devices should adopt a responsible approach to product cybersecurity and introduce protective measures at the product design phase. In particular, we recommend abandoning default passwords in favor of unique ones for each individual unit and releasing patches on a regular basis to address any discovered vulnerabilities.

China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries. In a message posted on WeChat, the government authority said U.S. intelligence agencies have "done everything possible" to conduct surveillance, secret theft, and intrusions on THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Espionage / Spyware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Threat / Ransomware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software," it said in an alert last week. "Only a small subset of users, specifically THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comSupply Chain / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comVulnerability / Exploit37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Rizika spojená s využíváním veřejných Wi-Fi si stále neuvědomuje dostatek lidí. Bezpečnost dat může zajistit používání VPN. Naprostá většina Čechů to ale nedělá.

Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. "The site operated as a hidden service in the encrypted TOR network," the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. "The site has been used in anonymous criminal activities such as narcotics trade." The agencyTHNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Crime / Dark Web37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comNetwork Security / Vulnerability37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641