Security News

The CloudSEK researchers disrupted the botnet by utilizing hard-coded API tokens and a built-in kill switch to uninstall the malware from infected devices.

Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate.

Curry says Subaru patched the vulnerability within 24 hours of the researchers' report and that it was never exploited by an attacker.

A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions.

"Mac Homebrew Project Leader here. This seems taken down now," tweeted McQuaid.

To safeguard against such attacks, it's advised to monitor suspicious processes, events, and network traffic spawned by the execution of any untrusted binary/scripts. It's also recommended to apply firmware updates and change the default username and password.

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.

cross-posted from: https://lemmy.zip/post/30049292

A newly disclosed macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that can be exploited through a quirk in domain ownership to gain access to sensitive data.

The ambitious final executive order requires 52 agency actions to bolster cyber protections and counter adversaries, including a new plan to address spiraling digital identity theft.

Archive Today mirror: https://archive.ph/JTLIU

AI summary

The webpage discusses leaked documents revealing the capabilities of Graykey, a phone unlocking and forensics tool utilized by law enforcement globally. According to the documents obtained by 404 Media, Graykey can retrieve only partial data from modern iPhones running iOS 18 and iOS 18.0.1. There is no information on its functionality with the recently released iOS 18.1. This leak is significant for Grayshift, the company behind Graykey, especially since it has been acquired by Magnet Forensics, another player in the digital forensics field. Unlike its competitor Cellebrite, which has experienced similar leaks, this is the first detailed disclosure of the specific phones Graykey can and cannot access. The documents also provide insights into Graykey's capabilities with Android devices. Overall, this situation highlights the ongoing struggle between forensics tools and phone manufacturers like Apple and Google. The information indicates a complex interplay in the evolving landscape of mobile device security and law enforcement access.

The threat actors use a variety of distribution channels, including malvertising, spearphishing, and brand impersonation in online gaming, cryptocurrency, and software, to spread 50 malware payloads, including AMOS, Stealc, and Rhadamanthys.

Victims are lured into downloading malicious software by interacting with what they are tricked into believing are legitimate job opportunities or project collaborations.

On Windows, HijackLoader is used for delivering Stealc, a general-purpose lightweight info-stealer designed to collect data from browsers and crypto wallet apps, or Rhadamanthys, a more specialized stealer that targets a broad range of applications and data types.

When the target uses macOS, Marko Polo deploys Atomic ('AMOS'). This stealer, launched in mid-2023, is rented to cybercriminals for $1,000/month and lets them snatch various data stored in web browsers.

cross-posted from: https://programming.dev/post/19431239

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.

Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack.

"After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge," researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said.

The malware functions as a launchpad to compromise the target's macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons.
