Security Leftovers
-
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.]
-
Nasuni says it can restore millions of files hit by ransomware in seconds [Ed: So it can delete Microsoft Windows?]
Nasuni Corp., a provider of cloud file services, today added targeted restore capabilities to its Nasuni Ransomware Protection service that reduce investigation time and speed recovery. The company also said it has integrated its software with Microsoft Corp.’s Sentinel cloud-based security information and event management platform.
-
Introducing CS2BR pt. II – One tool to port them all
In the previous post of this series we showed why Brute Ratel C4 (BRC4) isn’t able to execute most BOFs that use the de-facto BOF API standard by Cobalt Strike (CS): BRC4 implements its own BOF API, which isn’t compatible with the CS BOF API.
-
Security advisory: QXmlStreamReader
A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197.
-
Trail of Bits’s Response to OSTP National Priorities for AI RFI
By Michael Brown and Heidy Khlaaf. The Office of Science and Technology Policy (OSTP) has circulated a request for information (RFI) on how best to develop policies that support the responsible development of AI while minimizing risk to rights, safety, and national security.
-
NSA, CISA Issue Guidance on 5G Network Slicing Security [Ed: But NSA, CISA et al are proponents of back doors and strong boosters of remote access by the government]
The NSA and CISA have published guidance on hardening 5G standalone network slices against potential threats.
-
The White House details its IoT cybersecurity label plan
The White House unveiled its plan for a U.S. Cyber Trust Mark that will certify that the IoT device marked with the label has met a set of security criteria developed to protect consumers’ networks and device data.
-
White House Unveils Cybersecurity Labeling Program for Smart Devices
New US cyber program will label smart devices that are considered safer and less vulnerable to attacks.
-
White House, FCC advance efforts to add security labels to connected devices
Smart devices have become a popular target for hackers due to lax industry security standards, something that the Biden program is hoping to turn around.
-
Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks
At least two new Adobe ColdFusion vulnerabilities have been exploited in the wild, including one that has not been completely patched by the software giant.
-
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat
Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of UK telco TalkTalk.
-
The importance of encryption for the defence industry in today’s digital landscape
In today’s increasingly digital world, the defence industry is increasingly adopting cutting-edge technologies to enhance its capabilities. These technologies, such as the Internet of Things (IoT), cloud computing, artificial intelligence (AI), and virtual reality (VR), offer tremendous opportunities for improved operations and services.
-
WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin
Attackers have started exploiting CVE-2023-28121, a recent critical vulnerability in the WooCommerce Payments WordPress plugin.
-
Australian vocational and trades education centre hit by Lockbit
The attackers have given the organisation a deadline of 24 July to get in touch and presumably negotiate a ransom payment.
A countdown clock on the site shows there is a little more than five days to go before data is leaked.
-
MOVEit victims hit by Cl0p now approaching 400: Emsisoft
Said Simas: "MOVEit is a file transfer platform made by a company called Progress Software Corporation. The platform is used by thousands of governments, financial institutions and other public and private sector bodies all around the world to send and receive information.
-
Typo watch: 'Millions of emails' for US military sent to .ml addresses in error
Beginning in January 2023, Zuurbier recommenced collecting misdirected .mil emails to show to US authorities. So far this year, he told the Financial Times, he's collected some 117,000 missives. The fear is that some miscreant or other could soon enough register .ml domains that correspond to .mil domains, and harvest all the lost mail.