Catalin Cimpanu
campuscodi@mastodon-social.mostr.pub
npub1tqfu...aefw
Cybersecurity reporter for Risky Business
#infosec #cybersecurity #security
Newsletter:
Podcast:
-WinRAR zero-day used to hack stock and crypto traders
-China's Barracuda hacking campaign still going strong
-Brazilian Telegram hacker gets 20 years in prison
-Ransomware gangs prefer night-time attacks
-Venus Protocol invalidates $63m from hacker account
-FBI warns of impending TraderTraitor laundering attempts
-Data leak at Brazil's largest escort site
-DEA gets scammed
-Tor gets PoW-based anti-DDoS mitigation


Risky Biz News: WinRAR zero-day used to hack stock and crypto traders
In other news: China's Barracuda hacking campaign still going strong; Brazilian Telegram hacker gets 20 years in prison; and ransomware gangs prefe...

Risky Biz News: WinRAR zero-day used to hack stock and crypto traders - Risky Business Media
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

The FBI says that Chinese hackers are still exploiting a Barracuda zero-day (CVE-2023-2868) to compromise email servers across the world.
The agency published this week a security alert with new IOCs related to these attacks: https://www.ic3.gov/Media/News/2023/230823.pdf


Australia's TLD domain registrar, auDA, confirms data breach (after initially denying it):
auDA
Resolution of cyber incident | auDA
auDA has completed its investigation into the alleged cyber incident, which indicates that there is no evidence that cyber criminals have accessed ...
auDA
auDA statement | auDA
Update on an alleged data breach.
Newsletter:
Podcast:
-US warns space sector of hacks, spying, and sabotage
-Juniper releases out-of-band security update
-TSSHOCK attack can steal funds from MPC crypto-wallets
-Tesla identifies Handelsblatt whistleblowers
-Exactly Protocol hacked for $7.3m
-Kimsuky hacks officials ahead of US-ROK military exercise
-WinRAR vulnerability fixed
-New SAMLjacking technique
-Google publishes DFIQ
-Facebook publishes TTPForge
-New LOFLCAB project


Risky Biz News: US warns space sector of hacks, spying, IP theft, and sabotage
In other news: Juniper releases out-of-band security update; TSSHOCK attack can steal funds from MPC crypto-wallets; and Tesla identifies Handelsbl...

Risky Biz News: Foreign intelligence services are targeting the US space sector - Risky Business Media
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

After PSNI, it's now the turn of UK police to leak data via FOI websites
https://www.suffolk.police.uk/news/latest-news/press-notice-regarding-data-breach-norfolk-and-suffolk-police
Poland arrests two Russian nationals spreading Wagner PMC recruitment fliers in Krakow and Warsaw

Special Services
ABW detained 2 Russian citizens - Special Services - Gov.pl Portal
On 11 August this year, the Internal Security Agency (ABW) detained two citizens of the Russian Federation – Aleksiej T. and Andriej G., who ...
Google's Mandiant division has released a tool that can scan Citrix NetScaler ADC appliances for signs of exploitation via the CVE-2023-3519 vulnerability.
Blog: https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
GitHub:

GitHub
GitHub - mandiant/citrix-ioc-scanner-cve-2023-3519

Cybersecurity firm Secureworks plans to lay off 15% of its workforce, the company announced in an SEC filing.
id Software has open-sourced the code for its emblematic Quake 2 FPS game.
The company says it released the code "for users who wish to mod the game."

GitHub
GitHub - id-Software/quake2-rerelease-dll
Indonesian haxor Beruangsalju has put together a collection of the most widely known web shell scripts.
Friendly warning to beware of backdoored scripts.
https://github.com/beruangsalju/shell-backdoor


"Did you put the Christmas hats on the logos?
No, researchers did that. And honestly I had lost a battle. I tried to use that as our official logo next time, and I was told we couldn’t"


TechCrunch
How the FBI goes after DDoS cyberattackers | TechCrunch
In an interview at the Black Hat cybersecurity conference, the FBI explained how it targets and takes down DDoS attackers and booter sites.

Lolek bulletproof host admin charged for hosting NetWalker infrastructure
Newsletter:
Podcast:
-Russia blocks OpenVPN and WireGuard VPN protocols
-Northern Ireland police deals with data breach
-New TunnelCrack attack leaks VPN traffic
-MilkSad vulnerability exploited to steal from crypto-wallets
-Hundred Finance shuts down after hack
-Dallas ransomware attack to cost city $8.6mil
-Canada exposes WeChat disinfo campaign
-Indian military to replace Windows with Linux
-New Belarusian APT MitMs ISP traffic


Risky Biz News: Russia blocks OpenVPN and WireGuard VPN protocols
In other news: Northern Ireland police deals with data breach; new TunnelCrack attack leaks VPN traffic; and a couple of crypto-wallet vulnerabilit...

Risky Biz News: Russia blocks OpenVPN and WireGuard VPN protocols - Risky Business Media
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

The German Federal Office for the Protection of the Constitution (BfV) says it detected "concrete spying attempts" by Iranian APT group Charming Kitten targeting dissident organizations and Iranian nationals living in Germany.
Targets included lawyers, journalists, and human rights activists. The campaign has allegedly been taking place since the end of 2022.


Bundesamt für Verfassungsschutz
BfV Cyber-Brief Nr. 01/2023
According to current findings of the Federal Office for the Protection of the Constitution (BfV), since the end of 2022 there have been concrete espionage attempts by the APT group...
The Cyber Safety Review Board (CSRB) has published a report on the Lapsus$ gang
Cybersecurity and Infrastructure Security Agency CISA
Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report | CISA
AT&T says AdLoad now has a proxy component for funneling spam campaigns through infected systems
Estimated infections are in the thousands, just from AT&T visibility
https://cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload


Moq, a super popular NuGet package, included a dependency that harvested email addresses from the git.config files of all Moq users.
The behavior was removed, but by that point, it collected quite the data.
You don't need to have malicious/shady behavior up for months... a few days in a super-popular library and the damage is done.
https://medium.com/checkmarx-security/popular-nuget-package-moq-silently-exfiltrates-user-data-to-cloud-service-d1888867406d
A Russian court convicted a hacker for developing malware and stealing card data from foreigners.
He also donated to Navalny's Anti-Corruption Fund.
We all know why he was convicted. Too bad Russia doesn't prosecute all the other hackers that didn't donate to Navalny.

