PaPPy

@pappy.bsky.social

All around go to guy. Enjoy video games and cyber security

92 Followers  |  40 Following  |  25 Posts  |  Joined: 05.05.2023  |  2.0664

Latest posts by pappy.bsky.social on Bluesky

Google pushing out .zip as a TLD and then divesting their registrar business is the equivalent of pooping in the punch bowl as you leave a party

https://9to5google.com/2023/06/15/google-domains-squarespace/

15.06.2023 22:08 — 👍 11    🔁 6    💬 1    📌 2
Chinese hackers used VMware ESXi zero-day to backdoor VMs

VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.

https://www.bleepingcomputer.com/news/security/chinese-hackers-used-vmware-esxi-zero-day-to-backdoor-vms/

13.06.2023 23:34 — 👍 0    🔁 0    💬 0    📌 0
Malvertising via brand impersonation is back again

Ads containing the official website of an impersonated brand are running again, allowing fraudsters to scam users.

Great article on recent malvertising https://www.malwarebytes.com/blog/threat-intelligence/2023/05/malvertising-its-a-jungle-out-there

23.05.2023 15:35 — 👍 0    🔁 0    💬 0    📌 0
Onodo

Really cool initial access and malware graph https://onodo.org/visualizations/235067

13.05.2023 00:53 — 👍 0    🔁 0    💬 0    📌 0

@support.bsky.team how are the weekly invites granted? As I’m a week and an hour into this account and I do not have any invites. Thanks!

12.05.2023 15:23 — 👍 0    🔁 0    💬 0    📌 0

It was trivial to come up with a POC for #CVE-2023-32243 thanks to @patchstackapp's detailed write-up. Already seeing it abused in the wild. #wordpress owners need to upgrade Essential Addons for Elementor plugin now and check for signs of intrusion.

12.05.2023 03:47 — 👍 0    🔁 0    💬 0    📌 0
WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site.

This will lead to a lot of hacked WordPress sites. I wonder if any of the link pits are running this plugin https://www.bleepingcomputer.com/news/security/wordpress-elementor-plugin-bug-let-attackers-hijack-accounts-on-1m-sites/

11.05.2023 17:23 — 👍 1    🔁 0    💬 0    📌 0
eSentire Threat Intelligence Malware Analysis: Vidar Stealer

Dive deeper into the technical details gathered during eSentire’s Threat Response Unit (TRU) team’s research and threat analysis of the Vidar Stealer malware.

Great research on the Vidar Stealer https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer

11.05.2023 17:19 — 👍 1    🔁 0    💬 0    📌 0
Fake in-browser Windows updates push Aurora info-stealer malware

A recently spotted malvertising campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information stealing malware.

https://www.bleepingcomputer.com/news/security/fake-in-browser-windows-updates-push-aurora-info-stealer-malware/

11.05.2023 00:22 — 👍 0    🔁 0    💬 0    📌 0
New Linux kernel NetFilter flaw gives attackers root privileges

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.

Looking forward to seeing the POC on Monday for this LPE on Linux https://www.bleepingcomputer.com/news/security/new-linux-kernel-netfilter-flaw-gives-attackers-root-privileges/

10.05.2023 19:47 — 👍 0    🔁 1    💬 0    📌 0

Note that the update for CVE-2023-24932 does NOT actually fix anything. It gives you the option of applying the fix yourself. Read through ALL of https://tinyurl.com/mprmsext if you want to consider applying the protection. Feel free to cry a bit and/or consider a career change.

09.05.2023 19:15 — 👍 0    🔁 1    💬 0    📌 0
Spanish police dismantle phishing operation linked to crime ring

The National Police of Spain have arrested two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams.

Great work by the Spanish police https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-phishing-operation-linked-to-crime-ring/

09.05.2023 21:32 — 👍 1    🔁 0    💬 0    📌 0
Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown

The DDoS whack-a-mole game between law enforcement and miscreants continues.

Great work taking down DDoS services https://arstechnica.com/information-technology/2023/05/feds-seize-13-more-ddos-for-hire-platforms-in-ongoing-international-crackdown/

09.05.2023 15:42 — 👍 1    🔁 1    💬 0    📌 0
Hunting Russian Intelligence “Snake” Malware | CISA

Nice article from CISA https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a

09.05.2023 15:16 — 👍 0    🔁 0    💬 0    📌 0

7

09.05.2023 15:02 — 👍 1    🔁 0    💬 0    📌 0
NextGen Healthcare says hackers accessed personal data of more than 1 million patients

NextGen Healthcare has admitted to a data breach that saw hackers access the personal data of more than 1 million patients

Ouch https://techcrunch.com/2023/05/08/nextgen-healthcare-data-breach/

09.05.2023 00:10 — 👍 0    🔁 0    💬 0    📌 0

That’s pretty funny #Microsoft #clippy

08.05.2023 21:53 — 👍 0    🔁 0    💬 0    📌 0
Reddit - Dive into anything

Seems legit… https://www.reddit.com/r/techsupport/comments/9gwwcj/windowsdefendervbs_on_cuserspubliclibraries_is/

08.05.2023 15:41 — 👍 0    🔁 0    💬 0    📌 0
Kenya is turning to spyware, again; African SIM cards and identities; Nigerian telcos want to be excluded from data regulation and more infosec stories from across Africa.

https://cybafrique.substack.com/p/kenya-is-turning-to-spyware-again

08.05.2023 03:14 — 👍 0    🔁 0    💬 0    📌 0
Massive malvertising campaign targets seniors via fake Weebly sites

Scammers are buying ads on for the most common Google searches made by seniors and defrauding them with tech support scams.

Please educate y’all’s older folks https://www.malwarebytes.com/blog/threat-intelligence/2023/04/massive-malvertising-campaign-targets-seniors-via-fake-weebly-sites

07.05.2023 03:07 — 👍 0    🔁 0    💬 0    📌 0
San Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff's Department systems

The hackers encrypted San Bernardino County Sheriff's Department data, causing significant disruptions to operations.

https://abc7.com/san-bernardino-cyberattack-ransom-paid-hackers/13215833/

06.05.2023 14:44 — 👍 0    🔁 0    💬 0    📌 0

Stuff like this and the satellite network keep me up and employed https://www.darkreading.com/ics-ot/2-years-after-colonial-pipeline-attack-us-critical-infrastructure-remains-as-vulnerable-to-ransomware

06.05.2023 02:41 — 👍 0    🔁 0    💬 0    📌 0

Lol

05.05.2023 18:40 — 👍 0    🔁 0    💬 0    📌 0

Great post on bad practices in cyber security from CISA https://www.cisa.gov/news-events/news/bad-practices-0

05.05.2023 16:44 — 👍 0    🔁 0    💬 0    📌 0

If people haven’t upgraded their Papercut software now, this seems pretty bad https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html

05.05.2023 15:23 — 👍 0    🔁 0    💬 0    📌 0

What prevents this individual from just starting a new domain and running the same business again? #infosec https://krebsonsecurity.com/2023/05/10m-is-yours-if-you-can-get-this-guy-to-leave-russia/

05.05.2023 15:19 — 👍 1    🔁 0    💬 0    📌 0

Hello World! Happy to be here on #BlueSky instead of the dumpster fire!

05.05.2023 15:11 — 👍 0    🔁 0    💬 0    📌 0

@pappy is following 20 prominent accounts