**PRESS RELEASE**

**SANTA CLARA, Calif.,Oct. 25, 2023/PRNewswire/ --** Malwarebytes, a global leader in real-time cyber protection, today launched an essential new consumer solution, Identity Theft Protection. The new service helps individuals secure their digital identities and defend against identity and online threats. Malwarebytes Identity Theft Protection includes real-time identity monitoring and alerts, robust credit protection and reporting and live agent-supported identity recovery and resolution services – backed by up to a $2 million identity theft insurance policy. The new service, paired with Malwarebytes' award-winning antivirus and VPN software, helps prevent criminals from stealing or using personal information to drain financial accounts, hack or impersonate social media accounts, damage a user's reputation or other online and identity-based attacks.

Today's digital life is complex and sometimes deceptive. According to new research from Malwarebytes, identity theft ranks as people's third biggest concern when it comes to online security, just behind fear of financial accounts and personal data being breached – both of which play into identity theft. Of those surveyed 64% agree that identity theft protection is important, but only 13% have it. Consumers are also increasingly fearful of new technology. Malwarebytes gives consumers protection they can trust, alerting them when we see their information has been stolen and providing live agent support to restore their identity and replace lost items.

"Even as we spend more and more of our lives online, we all know that the internet today can't be trusted," said Mark Beare, GM of Consumer Business Unit, Malwarebytes. "Consumers need a tool that not only blocks threats like malware and phishing, but that also monitors and protects their digital identity, be that social media profiles, bank accounts or email. With Malwarebytes Identity Theft Protection, we provide a robust and exhaustive suite of services so individuals and families can rest easy knowing that we are actively working to keep them safe and protect their digital identity."

Malwarebytes Identity Theft Protection is available globally through a variety of tiered offerings that provide protection via computers and mobile devices across multiple operating systems including Windows, macOS, Android and iOS.

**Key features include:**

*   Identity Monitoring & Alerts**:** Continuously scours a multitude of websites and data sources, including the Dark Web, to alert if personal information is being illegally traded or sold. Recommends actions to take to protect yourself.
*   Credit Monitoring and Protection**:** Ongoing tracking of credit for critical changes, such as new accounts or inquiries and applications for new lines of credit. A credit freeze also can be activated\*.
*   Breach IQ**:** Provides a safety score and alerts if personal information is part of a known breach\*.
*   Identity Recovery & Resolution**:** Assistance in the event of an identity theft incident, including guided steps to report the crime, dispute fraudulent charges, restore identity and recuperate financial losses incurred. Includes up to a $2 million insurance policy.

To read more about the latest threats and cyber protection strategies, visit our blog, or follow us on Facebook, Instagram, LinkedIn, TikTok and Twitter.

_\*U.S. only_

**About Malwarebytes**

Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions along with a world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe daily. Malwarebytes solutions are consistently recognized by independent tests including AVLAB and AV-TEST. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Malwarebytes Announces Consumer Identity Theft Protection Solution

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

CVE-2023-39726: "[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs

**PRESS RELEASE**

**CAMBRIDGE, England****,** **Oct. 26, 2023** **/PRNewswire/ --** Darktrace, a global leader in cyber security AI, today unveiled a new Darktrace/Cloud™ solution based on its unique Self-Learning AI. The new solution provides comprehensive visibility of cloud architectures, real-time cloud-native threat detection and response, and prioritized recommendations and actions to help security teams manage misconfigurations and strengthen compliance. When combined with insight from Darktrace solutions for network, email, apps, zero trust and endpoint, Darktrace/Cloud provides a deeper, contextualized understanding of the risks and threats currently facing an organization's digital estate.  

According to a recent report, "Gartner® anticipates over 99 percent of cloud breaches will be based on a customer error, account takeover or misconfiguration until 2027"\[1\]. Cloud environments are constantly evolving so security professionals need to increase the level of visibility while keeping up with changing compliance, risk and security requirements. The rise of cloud-native technologies including containers, Kubernetes and microservices also require new tools and techniques for detecting and responding to known and novel threats.

"Unlike static cloud security tools that provide snapshots of a specific point in time, Darktrace/Cloud is real-time, all the time. Our Self-Learning AI continuously learns patterns between workloads, assets, policy configurations and identities to provide a dynamic view of cloud architectures. We analyze the entire cloud stack from data to control plane, combining an understanding of architecture and network with a new flexible, scalable deployment model," said Jack Stockdale, Chief Technology Officer, Darktrace. "Our innovative approach to cloud security is built on more than a decade of leadership in Cyber AI that is already protecting our customers' critical business areas from network and email to operational technology."

Available today, the new capabilities in Darktrace/Cloud include:

*   **Comprehensive visibility and architecture modeling** for insights into the constantly changing nature of cloud environments. This visibility is constructed dynamically from configuration, network, users and identity and access management (IAM) data. Darktrace establishes patterns of life for cloud resources, identities, and services to understand who has access to what and how. This is critical for detecting anomalies and unknown threats.
*   **Universal attack path modeling** provides a dynamic view of where attackers may look to move next. Darktrace brings together real-time cloud data and a deep understanding of your cloud environment with a platform approach that provides insights about risks from other covered areas of the business (e.g., network, email) to highlight potential attack paths and prioritize important assets to secure.
*   **Unique real-time and cloud-native threat detection and response** that provides a dynamic view of known and novel threats within the cloud. Darktrace combines deep cloud attack path knowledge with real-time anomaly and threat detection through cloud-native autonomous response actions, such as detaching a policy from a user or removing a workload from a security group.
*   **Prioritized cloud posture management** that starts by examining cloud configurations against common compliance frameworks. Where misconfigurations are detected, Darktrace provides a prioritized view of what to fix first, based on a risk profile generated from security and business context. Guided steps can be provided to help teams proactively address these before they become a significant issue.
*   **Cost discovery** to provide a better understanding of cloud resource allocation. This helps teams contextualize their cloud resources according to security and business priorities.
*   **Communication and collaboration capabilities** to streamline workflows between security teams and DevOps teams. Tickets can be created on demand, teams can communicate directly via messaging platforms, and alerts and anomaly detections can be sent to Security Information & Event Management (SIEM) or Security Orchestration, Automation and Response (SOAR) products and the Darktrace Mobile app so they can be alerted on the go.
*   **Flexible deployment options** include an agentless deployment by default so organizations can be up and running in minutes. Teams can use the dynamic architectural view and risk context to decide where to deploy agents for enhanced real-time actions and deeper inspection.

Sykes Cottages, a cloud-native travel agency platform in the UK, has experienced significant growth in the last five years and has relied on the cloud to help them scale throughout this period.

"When it comes to cybersecurity, having visibility and an understanding of what you've got and your risks is critical. If I don't know it's there, I can't protect it," said Jonny Mattey, Head of Cybersecurity, Sykes Cottages. "Having a holistic, live view of our cloud environment enables us to work pragmatically and use AI to cut down management time so that we can address security risks and improve our resilience."

The new Darktrace/Cloud solution is now available on Amazon Web Services (AWS) through the AWS Marketplace, a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage the third-party software they need to build solutions and run their business. Darktrace and AWS have been collaborating since 2017 to help organizations secure their AWS environments. Darktrace protects AWS environments for organizations around the world including Sunwest Bank and ProPhase Labs. Darktrace is an AWS Security Competency Partner and is part of the AWS ISV Accelerate program.

"Security is job zero at AWS," said Paddy Fitzpatrick, Director – Independent Software Vendors, UK & Ireland at Amazon Web Services. "As the threat landscape continues to evolve, the availability of AI-based tools like Darktrace/Cloud on the AWS Marketplace will help customers to gain increased visibility, and respond more effectively to security risks and threats."

Darktrace first extended its Cyber AI capabilities to cloud environments in 2016, applying its world class algorithms to granular network traffic. Darktrace/Cloud was recently named Cloud Security Product of the Year for Large Enterprises by Computing Magazine in its 2023 Cloud Excellence Awards.

Learn more about the new enhancements to Darktrace/Cloud by tuning into the launch event at 11:30am ET/4:30pm BST.

**ABOUT DARKTRACE**

Darktrace (DARK.L), a global leader in cyber security artificial intelligence, is on a mission to free the world of cyber disruption. Breakthrough innovations in our Cyber AI Research Center in Cambridge, UK have resulted in over 160 patents filed and research published to contribute to the cyber security community. Rather than study attacks, Darktrace's technology continuously learns and updates its knowledge of 'you' and applies that understanding to optimize your state of optimal cyber security. Darktrace is delivering the first ever Cyber AI Loop, fueling a continuous end-to-end security capability that can autonomously spot and respond to novel in-progress threats within seconds. Darktrace employs over 2,200 people around the world and protects approximately 8,900 customers globally from advanced cyber threats. Darktrace was named one of TIME magazine's 'Most Influential Companies' in 2021. To learn more, visit http://www.darktrace.com.

SOURCE Darktrace

Darktrace Unveils Cloud-Native Security Solution Using AI

### Summary
An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.

### Details
In `dsaVerify` function, it checks whether the value of the signature is legal by calling function `checkValue`, namely, whether `r` and `s` are both in the interval `[1, q - 1]`. However, the second line of the `checkValue` function wrongly checks the upper bound of the passed parameters, since the value of `b.cmp(q)` can only be `0`, `1` and `-1`, and it can never be greater than `q`. 

In this way, although the values of `s` cannot be `0`, an attacker can achieve the same effect as zero by setting its value to `q`, and then send `(r, s) = (1, q)` to pass the verification of any public key.

### Impact
All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.


### Fix PR:
Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: [PR webarchive.zip](https://github.com/browserify/browserify-sign/files/13172957/PR.webarchive.zip)


**Summary**

An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.

**Details**

In dsaVerify function, it checks whether the value of the signature is legal by calling function checkValue, namely, whether r and s are both in the interval [1, q - 1]. However, the second line of the checkValue function wrongly checks the upper bound of the passed parameters, since the value of b.cmp(q) can only be 0, 1 and -1, and it can never be greater than q.

In this way, although the values of s cannot be 0, an attacker can achieve the same effect as zero by setting its value to q, and then send (r, s) = (1, q) to pass the verification of any public key.

**Impact**

All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.

**Fix PR:**

Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: PR webarchive.zip

**References**

*   GHSA-x9w5-v3q2-3rhw
*   https://nvd.nist.gov/vuln/detail/CVE-2023-46234
*   browserify/browserify-sign@85994cd

GHSA-x9w5-v3q2-3rhw: browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack

Nation-state hackers are using hybrids to ensnare those in the maritime, shipping, and logistics industries.

A threat actor sponsored by the Islamic Republic of Iran has been using watering-hole attacks, with a new malware downloader and a budding new method of infection, against Mediterranean organizations involved in the maritime, shipping, and logistics sectors.

These latest tactics and tools represent in some ways a continuation, and in other ways an evolution, for the group variously known as Tortoiseshell, Imperial Kitten, TA456, Crimson Sandstorm, and Yellow Liderc, according to a blog post this week from PricewaterhouseCoopers. The Islamic Revolutionary Guard Corps-backed threat actor has previously been recorded using watering holes, phishing domains, highly targeted emails, fake social media accounts, and more, in its globe-spanning espionage campaigns.

**Yellow Liderc's Latest Campaign**

Since 2022, Yellow Liderc has been compromising legitimate websites and using them to insert malicious JavaScript. The JavaScript fingerprints unwitting visitors, capturing details such as their location, device, time of visit, and so on. If a visitor matches a specific profile — in this case, entities along the Mediterranean associated with maritime, logistics, and shipping — they will be served further malware.

The malware in question is "IMAPLoader," a dynamic link library (DLL) written in .NET, which uses email as a means of command-and-control (C2) communication.

This new sample is in most ways similar in function to Yellow Liderc's previous loaders. It distinguishes itself, however, in its advanced method of infection: a technique known as "appdomain manager injection." First demonstrated by a proof-of-concept (PoC) called "GhostLoader" in 2020, hackers or red teamers can use it to circumvent tools designed to detect a DLL or executable being loaded onto a Windows machine.

After slyly injecting itself on a host computer deemed of high value, IMAPLoader communicates with the attackers' Russian-hosted, very American-sounding email addresses — leviblum\[@\]yandex.com and brodyheywood\[@\]yandex — where further payloads lie.

**Yellow Liderc's Tactics and Targets Vary**

Anyone who tries to defend against Yellow Liderc simply by accounting for this method of injection, or this malware, will end up falling short. The group has been known to cycle through and combine various tactics, techniques, and procedures over the years.

"What we've seen more often and most recently is reconnaissance emails," says Joshua Miller, senior threat researcher at Proofpoint. Since 2021, he says, it has used the open source red-team tool GoPhish to insert malicious links into fake newsletters impersonating legitimate organizations. But it's also got more, weirder strategies in its arsenal. In 2021, Proofpoint described an elaborate, yearslong ruse they ran, posing as a woman named Marcella Flores, in order to phish a specific employee at an aerospace company.

Recently, Proofpoint observed a unique cluster within the same APT targeting workers and organizations in the healthcare, technology, and the nuclear division of a European energy company. According to PwC, it remains an ongoing threat not just to all of these industries and regions thus far named, but also the automotive, defense, and IT industries, in places as far and wide as the Middle East, South Asia, and North and South America.

Perhaps the only consistent elements of a Yellow Liderc attack are the minor discrepancies between the email sender, newsletter, or website one expects, and the actual sender or experience they're delivered.

"Look for any unusual network traffic," Miller advises, and pay attention to suspicious emails. "Checking who's sending an email is important. I know that we say that all the time, but it's true and important for this sort of case."

Iran APT Targets the Mediterranean With Watering-Hole Attacks

TikTokkers are using a little-known livestreaming feature to falsely represent Israelis and Palestinians—and the company is taking a cut of costly in-app gifts viewers give to participants.

TikTokkers are using a little-known livestreaming feature to cash in on the huge interest in the Israel-Hamas war despite having no links to the crisis. TikTok, meanwhile, is taking up to 50 percent of the earnings.

In the days after Hamas attacked Israel on October 7, TikTok creators have been engaging in “live matches” on the platform where one creator plays the role of Israelis and the other that of Palestinians, while encouraging—and often shouting at—their followers to continue to donate expensive gifts. The side with the most gifts after five minutes wins the battle.

Some of these gifts cost hundreds of dollars each, and several livestreams WIRED observed in recent days have continued for multiple hours without a break. One battle had seen the creator representing Palestinians winning 72 matches in a row.

The creators can cash out their winnings for real currency, but only after TikTok itself has taken a major cut of the earnings.

As the humanitarian crisis in Gaza continues to worsen, social media platforms have been accused of allowing disinformation to fester while platforms including TikTok have been accused of silencing certain viewpoints. Now TikTok appears to be profiting off their users’ fascination with Israel and Palestinians, and allowing creators who may not be from Israel or the Palestinian territories to earn money off the conflict.

WIRED found dozens of examples of creators seeking to cash in on people’s interest in the crisis, but one pair of creators appears to be cashing in more than most.

On multiple days over the course of the past week, a Turkish streamer who claims to represent Palestinians battled a Greek-Georgian streamer who claims to represent Israelis. In case there was any doubt about who each was supposedly representing, each had the flag of their respective adopted sides onscreen during the battles.

In all of the battles WIRED observed, none of the participants appeared to have any link to the entities they claimed to be representing, and none of them suggested they were planning on donating any of the money earned to the people directly impacted by the current crisis.

Battles between influencers online have been a feature of streaming services since at least 2016, particularly in China, though on most other platforms, the participants have to complete tasks or show off a skill in order to win a battle. On TikTok, it’s mostly just screaming.

Live matches, also known as player knockout or PK battles, have been a feature on TikTok since at least 2021, though TikTok does not mention the feature on its own webpage describing how livestreaming works. Despite the feature being available for more than two years, it is not very well known, and to the uninitiated, the TikTok battles may make little sense, with viewer counters, stickers, and never-ending comments crowding the screen while the two creators shout and scream in a bid to get their followers to donate more gifts.

Rather than making any coherent argument about the rights of Israelis or Palestinians during this crisis, the streamers instead shout out their side’s name or scream comments such as: “Like, like, like,” and “Follow me.”

The streams WIRED observed were watched live by thousands of TikTok users. Today, just before this article was published, a push notification showed the streamers were going live once again.

The two streamers did not respond to WIRED’s messages about their battles.

The rise of TikTok live matches related to the Israel-Hamas war was first highlighted by Abbie Richards, a research fellow at the Accelerationism Research Consortium who specializes in tracking misinformation on TikTok. Richards said it was “gross to grift off atrocities.”

“So this is real people, sending real money to TikTokkers to gesture support for the concept of Israel or Palestine,” Richards said in a video posted on Instagram this week. “But do you know who’s really making money off of these? TikTok, because they take roughly half of the money creators make on live. This helps literally no one except these grifters and TikTok. It’s fucking disgusting.”

TikTok did not respond to WIRED’s request for comment.

A lot of TikTok creators use the app’s livestream feature to generate income, with some streamers broadcasting their entire lives on the platform. The “live match” feature is little known on the hugely popular video-sharing app that allows two people to “battle” against each other for five minutes at a time. The winner is the person who gains the most likes and gifts from their followers.

The strange phenomenon means that the TikTokkers participating need to encourage their followers to donate as many gifts as possible in order for them to “win.”

Virtual gifts are purchased with TikTok’s in-app currency, known as coins. The cost of coins vary depending on how many you are buying, but you can buy 70 coins for less than a dollar.

The gifts range from stickers of roses and the TikTok logo, which cost just a couple of coins, up to animations that take over the full screen that cost up to 45,000 coins. Purchasing enough coins to buy the most expensive gifts on TikTok can cost over $500.

After a user donates the gift to a creator during a battle, those gifts are then converted into Diamonds, which creators can then cash out for real currency.

However, the full value of the gift is not transferred to the creator, with TikTok taking a significant slice of each gift donated. The exact amount is unclear, but a BBC investigation last year found creators received just 30 percent of the money donated to them. TikTok at the time said its cut was significantly less than 70 percent but would not specify an exact percentage.

But even small purchases can quickly accumulate. In January, people spent $6 billion in-app on TikTok, according to a report released by Data.ai, a mobile market trends firm

It can be a lucrative business, with some TikTokkers claiming they are making up to $30,000 a month from live matches. Meanwhile, those who are sending the gifts are also reporting that they can easily become addicted, leading to financial and emotional problems.

TikTok Streamers Are Staging ‘Israel vs. Palestine’ Live Matches to Cash In on Virtual Gifts

New YoroTrooper research, the latest on the Cisco IOS vulnerability, and more.

Thursday, October 26, 2023 14:10

Coming from the newspaper and media industry, I’m no stranger to wanting to write catchy headlines. I’m certainly at fault for throwing together a story about so-and-sos house sold for X million dollars.  

But recently I’ve been wondering if those “big numbers” for cybersecurity are helpful at all, even though they might generate clicks to a news organization. 

I saw several media outlets had reported on a new estimate from commercial insurance market Lloyd's of London that a cyber attack on any international global payments systems could cost $3.5 trillion globally, hurting many major world economies. 

At face value, that seems bad, and it’s a number that’s sure to come up with board rooms or any place decision-makers meet to discuss cybersecurity. 

It likely catches the eye of readers at home who are skimming newspaper headlines (if you’re like my dad and one of the last people who still reads physical newspapers).  

But what use is actually throwing these types of numbers out there? It reminds me of the discussion around climate change or any other problem that seems larger than life. I tend to not dwell on the worst-case scenario reports that always come out and make headlines because I feel these have a tendency to make people feel defeated — like there is no purpose in trying to make a difference because the problem is so overwhelming that one individual contribution won’t matter anyway, so then we all sit by and do nothing. 

If every time there is a major cyber attack, and we shame the targeted company by pointing out how many millions of dollars they lost, it’s just another form of public shaming that I’ve written about before that can lead to a stigma around disclosing cyber attacks. 

That Lloyd’s of London report is far from the first of its kind, these kinds of numbers pop up all the time, especially at the end of the calendar year when outlets want to write stories about how much cyber attacks cost consumers that year (there were estimates ranging from $7 billion to $10 billion in 2022). 

To me, numbers like this only contribute to fear, uncertainty and doubt (FUD) in the cybersecurity space. A small business owner who sees cybersecurity as a trillion-dollar problem to be solved by world governments isn’t going to see implementing a better password on their store’s wireless router as anything that’s going to help, because the global economy is in a bad place anyway if one day everyone’s point-of-sale systems go down at once. 

I’m sure many of these reports and estimates are created in good faith by experts who know what they’re talking about, and on a grand scale, yes, it’s important to know how serious of a problem this is for everyone, no matter where you live in the world. 

But I think we’d all be better served spending time talking about ways to get easy cybersecurity wins rather than losing sleep over a global hack that may or may not ever happen. 

**The one big thing **

New Talos research shows that the YoroTrooper threat actor is likely operating out of Kazakhstan. Our latest blog post on this group outlines how they’re still expanding their spam operations and using Azerbaijan-related false flags to throw researchers off their scent. The threat actor also uses online exchanges, such as alfachange\[.\]com, which converts money from Kazakhstani Tenge to Bitcoin via their Visa and Mastercard cards. 

**Why do I care? **

YoroTrooper’s targeting appears to be focused on Commonwealth of Independent States (CIS) countries, and the operators have compromised multiple state-owned websites and accounts belonging to government officials of these countries between May and August 2023. Any organization that falls into that category should certainly be on the lookout, but since this actor has continued to operate for so long, it’s impossible to say where they’d pivot next. Talos believes that, in addition to commodity and custom malware, YoroTrooper continues to rely heavily on phishing emails that direct victims to credential harvesting sites. 

**So now what? **

Talos has an exhaustive list of new indicators of compromise that you can run against your network to check for any YoroTrooper activity. A new round of Snort rules and ClamAV signatures can also detect this activity, along with the many information-stealing malware that YoroTrooper tends to use in its campaigns.  

**Top security headlines of the week **

**AI tools like ChatGPT are getting increasingly good at writing malicious code and spam emails, two new studies found.** An internal study at IBM found that employees who were targeted with ChatGPT-written spam emails were just as likely to click on them as ones written by humans. The leader of the experiment said it only took her team about five minutes to get ChatGPT to write the spam email in question, despite workarounds in place to keep users from exploiting the chat bot for these types of uses. A separate study at the University of Sheffield released last week also found that, by asking ChatGPT and other AI applications for a certain series of prompts, they produced malicious code. When executed, that code would leak confidential database information, interrupt a database's normal service, or destroy it. That study specifically focused on Text-to-SQL systems, which is AI that allows users to search databases by asking questions in plain language. (Axios, TechXplore) 

**The alleged leader of the Ragnar Locker ransomware gang was arrested in Paris earlier this month.** Eleven law enforcement agencies teamed up to find the suspected developer and take down infrastructure associated with Ragnar Locker. Five additional suspects were interviewed in Spain and Latvia. Authorities seized the group’s leak site, as well, posting a takedown notice for victims, though no resources appear to be available yet for anyone looking to negotiate with the attackers or who are currently infected with Ragnar Locker. Ragnar Locker has been active since 2019, targeting the energy sector, hospitals, airports, and more. It utilized double extortion tactics, threatening to leak any stolen data if the ransom isn’t paid. For example, this resulted in the reveal of several video games under development by Capcom. (Dark Reading, CPO Magazine) 

**Attackers breached the network of software firm Okta, stealing access tokens and sitting on the company’s customer support platform for at least two weeks.** Okta said the attack only affected a few customers, but password management service 1Password said this week it was the target of a follow-on attack using the stolen tokens. However, 1Password said no customer login information was affected. Okta provides identity and login tools like multi-factor authentication and single sign-on to major companies across the globe. The disclosure from Okta came weeks after major cyber attacks on MGM Resorts and Caesar’s Entertainment, in which adversaries tricked Okta multi-factor authentication administrators into resetting requirements, which provided them easier access to the targeted networks at those casinos and hotels. (Krebs on Security, Ars Technica) 

**Can’t get enough Talos? **

*   Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities 
*   Attacks on web applications spike in third quarter, new Talos IR data shows 
*   The Need to Know: What is cracktivator software? 
*   9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution 
*   Talos Takes Ep. #159: What happens when you actually click the "report spam" button?  

**Upcoming events where you can find Talos **

**Black Hat Middle East and Africa** **(Nov. 16)** 

Riyadh, Saudi Arabia 

> _Rami Atalhi from Talos Incident Response will discuss how generative AI affects red and blue teams in cybersecurity. Discover how generative AI creates a bridge between these teams, fostering teamwork and innovative strategies. Real-world cases will demonstrate how generative AI drives success, providing insights for building resilient cybersecurity plans._ 

**misecCON** **(Nov. 17)** 

Lansing, Michigan 

> _Terryn Valikodath from Talos Incident Response will deliver a talk providing advice on the best ways to conduct analysis, learning from his years of experience (and mishaps). He will speak about the everyday tasks he and his Talos IR teammates must go through to properly perform analysis. This talk covers topics such as planning, finding evil, recording findings, correlation and creating your own timelines._ 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** b9ddbd1a4cec61e6b022a275d66312b5b676f9a0a9537a7708de9aa8ce34de59   
**MD5:** 3b100bdcd61bb1da816cd7eaf9ef13ba   
**Typical Filename:** vt-upload-C6In1   
**Claimed Product:** N/A    
**Detection Name:** Backdoor:KillAV-tpd 

**SHA 256:** 85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5   
**MD5:** 8c80dd97c37525927c1e549cb59bcbf3     
**Typical Filename:** Eternalblue-2.2.0.exe     
**Claimed Product:** N/A     
**Detection Name:** Win.Exploit.Shadowbrokers::5A5226262.auto.talos 

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934    
**MD5:** 93fefc3e88ffb78abb36365fa5cf857c    
**VirusTotal:** Typical Filename: Wextract    
**Claimed Product:** Internet Explorer    
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg 

**SHA 256:** 744c5a6489370567fd8290f5ece7f2bff018f10d04ccf5b37b070e8ab99b3241   
**MD5:** a5e26a50bf48f2426b15b38e5894b189   
**Typical Filename:** a5e26a50bf48f2426b15b38e5894b189.vir   
**Claimed Product:** N/A   
**Detection Name:** Win.Dropper.Generic::1201 

**SHA 256: 1fa0222e5ae2b891fa9c2dad1f63a9b26901d825dc6d6b9dcc6258a985f4f9ab**   
**MD5:** 4c648967aeac81b18b53a3cb357120f4   
**Typical Filename:** yypnexwqivdpvdeakbmmd.exe   
**Claimed Product:** N/A    
**Detection Name:** Win.Dropper.Scar::1201

How helpful are estimates about how much cyber attacks cost?


Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.

_This page contains information regarding security vulnerabilities that may impact Tenable's products. This may include issues specific to our software, or due to the use of third-party libraries within our software. Tenable strongly encourages users to ensure that they upgrade or apply relevant patches in a timely manner._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TNS-2023-34

Credit

Will Dormann - CVE-2023-5622 / CVE-2023-5623

CVSSv3 Base / Temporal Score

7.1 / 6.4 (CVE-2023-5622)

7.0 / 6.3 (CVE-2023-5623)

7.2 / 6.5 (CVE-2023-5624)

6.1 / 5.3 (CVE-2018-25050)

6.1 / 5.5 (CVE-2021-23445)

5.3 / 4.6 (CVE-2023-0465)

5.3 / 4.6 (CVE-2023-0466)

5.9 / 5.2 (CVE-2023-1255)

5.3 / 4.6 (CVE-2023-2650)

5.3 / 4.6 (CVE-2023-3817)

5.3 / 4.6 (CVE-2023-3446)

7.5 / 6.7 (CVE-2023-38039)

7.8 / 6.8 (CVE-2023-4807)

CVSSv3 Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C (CVE-2023-5622)

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (CVE-2023-5623)

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (CVE-2023-5624)

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C (CVE-2018-25050)

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C (CVE-2021-23445)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C (CVE-2023-0465)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C (CVE-2023-0466)

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2023-1255)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C (CVE-2023-2650)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C (CVE-2023-3817)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C (CVE-2023-3446)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C (CVE-2023-38039)

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2023-4807)

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable Nessus Professional Free**

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

**NEW - Tenable Nessus Expert  
Now Available**

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. **Click here to Try Nessus Expert.**

Fill out the form below to continue with a Nessus Pro Trial.

**Buy Tenable Nessus Professional**

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

**Buy Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable Lumin**

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable Security Center**

_Formerly Tenable.sc_

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable OT Security**

_Formerly Tenable.ot_

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable Identity Exposure**

_Formerly Tenable.ad_

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Request a Demo of Tenable Cloud Security**

_**Exceptional unified cloud security awaits you!**_

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable Attack Surface Management In Action**

_Formerly Tenable.asm_

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

**Try Tenable Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Tenable Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

CVE-2023-5622: [R1] Nessus Network Monitor 6.3.0 Fixes Multiple Vulnerabilities




The application suffers from a privilege escalation vulnerability. A 
user with read permissions can elevate privileges by sending a HTTP POST
 to set a parameter.









 

Home About Us Products

NEWPolyEco1000 Transmitters FM Radio systems Radio link Changeover Options

Support News Contacts

Logout

 

      

  

 

*   About Us
*   Products
    *   NEWPolyEco1000
    *   Transmitters
    *   FM Radio systems
    *   Radio link
    *   Changeover
    *   Options
*   Support
*   Support
*   News
*   Contacts
*   Logout
|*   en
    *   IT EN ES FR ZH RU AR
 

**Contacts****Transmitting the world**

Registered Office & Operational Headquarters  
Via Toscana 57/59 - 20090 Buccinasco +39 02 45713300 +39 02 45713351 info@sielco.org

I declare that I have read the privacy policy and accept the processing of my personal data.

Send message

Sielco S.r.l  
Via Toscana 57/59 - 20090 - Buccinasco - (MI)  
Phone: +39 02 45713300 | Fax: +39 02 45713351 | E-mail: info@sielco.org

Choose language:        

 

Номер НДС: 06409650964  
Cookie & Privacy

© 2023- Powered by CoriWeb & Qcom

CVE-2023-41966: Sielco | Contatti

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser.
"An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using

Data Security / Vulnerability

A group of academics has devised a novel side-channel attack dubbed **iLeakage** that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser.

"An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," researchers Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom said in a new study.

In a practical attack scenario, the weakness could be exploited using a malicious web page to recover Gmail inbox content and even recover passwords that are autofilled by credential managers.

iLeakage, besides being the first case of a Spectre-style speculative execution attack against Apple Silicon CPUs, also works against all third-party web browsers available for iOS and iPadOS owing to Apple's App Store policy that mandates browser vendors to use Safari's WebKit engine.

Apple was notified of the findings on September 12, 2022. The shortcoming impacts all Apple devices released from 2020 that are powered by Apple's A-series and M-series ARM processors.

The crux of the problem is rooted in the fact that malicious JavaScript and WebAssembly embedded in a web page in one browser tab can surreptitiously read the content of a target website when a victim visits the attacker-controlled web page.

This is accomplished by means of a microarchitectural side-channel that can be weaponized by a malicious actor to infer sensitive information through other variables like timing, power consumption, or electromagnetic emanations.

The side channel that forms the basis of the latest attack is a performance optimization mechanism in modern CPUs called speculative execution, which has been the target of several such similar methods since Spectre came to light in 2018.

While speculative execution is designed as a way to yield a performance advantage by using spare processing cycles to execute program instructions in an out-of-order fashion when encountering a conditional branch instruction whose direction depends on preceding instructions whose execution is not completed yet.

The cornerstone of this technique is to make a prediction as to the path that the program will follow, and speculatively execute instructions along the path. When the prediction turns out to be correct, the task is completed quicker than it would have taken otherwise.

But when a misprediction occurs, the results of the speculative execution are abandoned and the processor resumes along the correct path. That said, these erroneous predictions leave behind certain traces in the cache.

Attacks like Spectre involve inducing a CPU to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via the side channel.

In other words, by coercing CPUs into mispredicting sensitive instructions, the idea is to enable an attacker (through a rogue program) to access data associated with a different program (i.e., victim), effectively breaking down isolation protections.

iLeakage not only bypasses hardening measures incorporated by Apple, but also implements a timer-less and architecture-agnostic method that leverages race conditions to distinguish individual cache hits from cache misses when two processes -- each associated with the attacker and the target -- run on the same CPU.

This gadget then forms the basis of a covert channel that ultimately achieves an out-of-bounds read anywhere in the address space of Safari's rendering process, resulting in information leakage.

While chances of this vulnerability being used in practical real-world attacks are unlikely owing to the technical expertise required to pull it off, the research underscores the continued threats posed by hardware vulnerabilities even after all these years.

News of iLeakage comes months after cybersecurity researchers revealed details of a trifecta of side-channel attacks – Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569) – that could be exploited to leak sensitive data from modern CPUs.

It also follows the discovery of RowPress, a variant of the RowHammer attack on DRAM chips and an improvement over BlackSmith that can be used to cause bitflips in adjacent rows, leading to data corruption or theft.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#web