The article discusses a vulnerability known as “bitpixie” that allows attackers to access encrypted files on Windows devices using BitLocker without needing to disassemble the device. This exploit takes advantage of a bug in the Windows Boot Manager and requires only physical access to the device and a network connection.…
Tag: PASSWORD
Recent reports indicate unauthorized access in Japan, primarily using LinkedIn as an infection vector. The Lazarus attack group has been identified as responsible for these attacks, which have targeted organizations since 2019. Recommendations include restricting the use of social networking services on work devices. Affected: LinkedIn, Bitcoin.DMM.com…
This article analyzes the Clickfix phishing incidents, highlighting the evolution of CAPTCHA bypass techniques and the exploitation of user trust in verification mechanisms. It details how attackers use social engineering to manipulate users into executing malicious commands, leading to data theft. Affected: Windows system users, WordPress websites, online security sector
Keypoints:
Clickfix is a phishing technique that exploits user fatigue with verification processes.…
Summary: The National Bureau of Investigation (NBI) in the Philippines has experienced a significant data breach, attributed to a threat actor known as “Zodiac Killer.” The breach, which involves over 3.6 GB of sensitive data, includes personal information of millions, potentially leading to severe privacy and security risks.…
Victim: Hong Kong Database | Hong Kong Database
Price: Not disclosed
Data: User information, including contact details and usernames
Keypoints:
Potential breach of a user information database in Hong Kong. Exposed sensitive personal data raises concerns over data security. Risk of identity theft and phishing attacks for affected individuals.…
Silverfort has uncovered a significant misconfiguration in Active Directory Group Policy that allows NTLMv1 authentications to persist despite attempts to disable it. This flaw poses a security risk for organizations using on-prem applications, as attackers can exploit this vulnerability to gain unauthorized access. Affected: Active Directory, NTLMv1
Keypoints:
Silverfort’s research reveals a misconfiguration in Group Policy that allows NTLMv1 authentications to continue.…
Summary: Recently, a leak of configuration files for Fortigate/Fortinet devices revealed sensitive data, including TLS and SSH private keys, due to a known vulnerability (CVE-2022-40684). Despite previous warnings from Fortinet about active exploitation, many users failed to change their default passwords, leaving their systems vulnerable. The incident highlights ongoing issues with security practices and the effectiveness of security advisories.…
Summary: A significant data leak involving configuration data and VPN credentials for over 15,000 Fortinet devices has surfaced on the Dark Web, attributed to the Belsen Group. This incident follows the disclosure of a critical authentication bypass vulnerability in Fortinet’s systems, which was exploited to gather the leaked data.…
This article discusses the ongoing large-scale DDoS attacks orchestrated by an IoT botnet that exploits vulnerable devices, primarily targeting companies in Japan and other countries. The botnet utilizes malware derived from Mirai and Bashlite, affecting various sectors and employing multiple DDoS attack methods. Affected: Japan, North America, Europe
Keypoints:
Large-scale DDoS attacks monitored since the end of 2024.…
Summary: JPCERT/CC has issued a warning about critical vulnerabilities in STEALTHONE D220, D340, and D440 network storage servers, urging immediate firmware updates. The vulnerabilities, identified as CVE-2025-20016, CVE-2025-20055, and CVE-2025-20620, could allow attackers to execute arbitrary commands, gain unauthorized access, and steal administrative passwords. Users are advised to update their devices to the latest firmware to mitigate these risks.…
The BlackSuit ransomware group, an evolution of the Royal ransomware, has emerged as a significant cyber threat since mid-2023, utilizing advanced tactics to extort over $500 million from various industries worldwide. This analysis delves into their operational strategies, notable incidents, and defense mechanisms to mitigate their impact.…
SharpRhino is a new RAT malware utilized by the Hunters International threat group, delivered as a legitimate software installer. It uses PowerShell scripts to execute encoded .NET assemblies for remote command execution and communicates with a C2 server over encrypted traffic. Affected: Windows
Keypoints:
SharpRhino is based on the open-source project ThunderShell.…
In mid-November 2024, Microsoft Threat Intelligence reported a shift in tactics by the Russian threat actor Star Blizzard, who began targeting WhatsApp accounts through spear-phishing campaigns. This new approach involves impersonating US government officials to lure victims into malicious links that compromise their WhatsApp data. The campaign highlights the actor’s resilience and adaptability in the face of operational disruptions.…
A series of sophisticated cyberattacks targeting organizations in Chinese-speaking regions has been identified, utilizing a multi-stage loader called PNGPlug to deliver the ValleyRAT malware. The attacks begin with phishing tactics, leading to the installation of a malicious MSI package that deploys the malware while maintaining a facade of legitimacy.…
Victim: Chain And Rope Suppliers LTD
Country: IE
Actor: akira
Source:
Discovered: 2025-01-17 12:18:47.239336
Published: 2025-01-17 12:18:47.239336
Description: Started over 40 years ago, Chain And Rope Suppliers has grown from a specialist supplier of lifting equipment to Ireland’s leading lifting controls and safety specialist.…
Summary: Recent data breaches have underscored the urgent need for enhanced security in guest Wi-Fi infrastructures across organizations. As businesses strive to balance network protection with convenient access for guests and employees, implementing secure guest Wi-Fi solutions has become essential. The integration of zero-trust architecture with cloud-based captive portals offers a robust framework for safeguarding sensitive data while ensuring compliance and operational continuity.…
Summary: President Joe Biden’s recent executive order aims to enhance U.S. cybersecurity by addressing various critical areas, including software supply chains, encryption, and foreign threats. The order has sparked discussions among cybersecurity professionals regarding its future under the incoming Trump administration. Experts express both optimism and concern about the implications of the order for national security and the cybersecurity landscape.…
Summary: Vulnerabilities in the SimpleHelp remote access software can be easily exploited, allowing attackers to compromise both server and client machines. Key issues include a path traversal vulnerability and improper privilege escalation, which could lead to unauthorized access and remote code execution. SimpleHelp has released patches to address these vulnerabilities, urging users to update their installations promptly.…
The Gootloader malware employs sophisticated social engineering tactics to infect users through compromised WordPress sites. It manipulates search engine results to direct victims to these sites, where they encounter fake message boards that link to the malware. The infection process is complex and heavily obfuscated, making it difficult for even site owners to detect.…
Summary: The Federal Trade Commission (FTC) has mandated GoDaddy to enhance its security measures, including implementing multi-factor authentication and HTTPS APIs, due to significant security failures since 2018. The FTC’s complaint highlights GoDaddy’s misleading claims about its security practices, which left millions of customers vulnerable to breaches.…