-
A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. “Using iMessage and RCS rather than SMS to send text messages has the side effect of bypassing SMS firewalls, which is being used to great
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and education.
The latest update, Wireshark 4.2.4, includes a host of fixes and updates to further cement its position as the go-to tool for network professionals and enthusiasts alike.
This release underscores the Wireshark Foundation’s commitment to advancing protocol analysis education, a mission supported by contributions from the global community.
Addressing Vulnerabilities and Enhancements
Fixed Vulnerabilities
The Wireshark team has diligently addressed several vulnerabilities in this release, notably:
- wnpa-sec-2024-06 T.38 Dissector Crash (CVE-2024-2955): A critical fix that prevents crashes related to the T.38 protocol dissection, enhancing the stability and security of the application.
Contested CVEs
Wireshark has also been the subject of CVEs assigned without coordination with the project, specifically CVE-2024-24478, CVE-2024-24479, and CVE-2024-24476.
The Wireshark team has contested these, stating they are based on invalid assumptions, and has requested their rejection, showcasing the team’s proactive stance on security matters.
Bug Fixes
The 4.2.4 update addresses a variety of bugs, improving user experience and software reliability:
- Issues with Extcap configuration not starting and TLS secrets injection causing crashes on Windows have been resolved.
- To ensure smoother operation and analysis, fixes have been made for packet dissection CSV export, HTTP dissector port addition, and various fuzz job issues.
- An error related to adding new rows to tables has been corrected alongside the ‘–export-objects’ functionality in shark versions later than 3.2.10.
Protocol and Feature Updates
While this release does not introduce new features or protocols, it significantly updates support for many existing protocols, including but not limited to 5GLI, BGP, DHCPv6, and ZigBee ZCL.
This comprehensive update ensures that Wireshark remains at the forefront of protocol analysis, capable of handling the latest network communication standards.
Installation and Support
Wireshark 4.2.4 can be downloaded from the official Wireshark website, and detailed instructions for installation across various platforms are available.
Manual installation of this update is required for users upgrading from versions 4.2.0 or 4.2.1 on Windows.
Most Linux and Unix distributions provide Wireshark packages through their native package management systems, making installation or upgrade seamless.
For specific file locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries, users can refer to the Help section within Wireshark or use the tshark -G folders command.
Wireshark 4.2.4 exemplifies the ongoing dedication of the Wireshark Foundation and its global community to enhance the utility and security of the world’s premier network protocol analyzer.
This release ensures that Wireshark remains an indispensable tool for network professionals and enthusiasts by addressing critical vulnerabilities, fixing bugs, and updating protocol support.
As the project continues to evolve, the support and contributions from the community remain vital to its success.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Wireshark 4.2.4 Released: Whatβs New! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered platform designed to redefine how we work.
This innovative solution aims to streamline communication, enhance collaboration, and boost productivity. It addresses the challenges of dispersed teams and the overload of information that has become all too common in today’s work environment.
Recent studies, including a 2023 Morning Consult report commissioned by Zoom, highlight a growing concern among knowledge workers.
More than half report spending significant time each week on tasks such as sharing notes and action items, contributing to what has been dubbed the “collaboration paradox.”
This paradox refers to the increased effort in collaboration that, paradoxically, hampers effective teamwork and engagement.
Furthermore, an OpenText study found that 80% of global workers experience information overload, exacerbating the issue.
Introducing Zoom Workplace
Zoom Workplace emerges as a beacon of innovation, designed to combat these challenges head-on.
Zoom aims to simplify tasks, foster engagement, and enhance productivity by integrating AI capabilities across its platform.
This comprehensive solution combines Zoom’s trusted communication tools with added features for employee engagement, workspace optimization, and productivity, all underpinned by AI technology.
AI Companion: A Game-Changer
At the heart of Zoom Workplace is the Zoom AI Companion, an AI assistant that promises to revolutionize productivity.
With capabilities such as summarizing meeting and chat threads, brainstorming assistance, and rapid composition of chats and email drafts, the AI Companion is designed to save valuable time and enhance the quality of work.
Notably, a GigaOm study commissioned by Zoom highlights the AI Companion’s transcription accuracy at 95%, and its ability to deliver results four times faster than its predecessors.
Seamless Collaboration and Engagement
Zoom Workplace introduces several key features aimed at improving the collaboration experience:
- Meetings Tab: Streamlines the entire meeting lifecycle, from preparation to collaboration during the meeting and follow-up actions.
- Team Chat Innovations: Includes shared spaces and new tabs to organize channel-related assets, enhancing team collaboration.
- Employee Engagement: Integrated with Workvivo, Zoom Workplace offers tools for creating a sense of belonging through shoutouts, team spaces, and surveys.
- Optimized In-Person and Flexible Work: Features such as Workspace Reservation and Visitor Management help optimize the in-office experience, addressing the challenges of flexible work arrangements.
Open Platform and Integration
Zoom Workplace stands out not only for its AI capabilities but also for its openness and flexibility.
With over 2,500 integrations available in the Zoom App Marketplace, including those with Microsoft and Google, Zoom Workplace enables seamless experiences. It empowers customers to tailor the platform to their specific needs.
Zoom’s introduction of Zoom Workplace marks a significant milestone in the evolution of digital workspaces.
By leveraging AI to address the collaboration paradox and streamline the work experience, Zoom sets a new standard for productivity and engagement in the modern workplace.
As businesses continue to navigate the challenges of dispersed teams and information overload, Zoom Workplace offers a promising solution that could redefine the future of work.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Zoom Unveils AI-Powered All-In-One AI Work Workplace appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Considering the ever-changing state of cybersecurity, it’s never too late to ask yourself, “am I doing what’s necessary to keep my organization’s web applications secure?” The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends but the new norm. Amidst this backdrop, a critical aspect subtly weaves into the
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). “This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the prestigious Pwn2Own 2024 hacking competition.
The update, which affects Chrome users on Windows, Mac, and Linux, elevates the browser version to 123.0.6312.86/.87 for Windows and Mac, and 123.0.6312.86 for Linux, with the rollout expected to reach users progressively over the coming days and weeks.
Security Fixes and Rewards
Google’s latest security update includes fixes for seven vulnerabilities, with a special emphasis on those discovered by external researchers.
The tech giant has a longstanding tradition of rewarding these contributors for identifying and reporting bugs.
This practice enhances Chrome’s security and fosters a collaborative relationship between the company and the cybersecurity community.
Critical CVE-2024-2883: Use After Free in ANGLE
One of the most critical issues addressed in this update is CVE-2024-2883, a use-after-free vulnerability in ANGLE, a cross-platform graphics engine abstraction layer used by Chrome to improve graphics performance on various platforms.
This vulnerability was reported by Cassidy Kim (@cassidy6564) on March 3, 2024, and has been rewarded with a $10,000 bounty. Use-after-free vulnerabilities can lead to arbitrary code execution, making them particularly dangerous.
High CVE-2024-2885: Use After Free in Dawn
Another significant vulnerability patched in this release is CVE-2024-2885, a high-severity use-after-free issue in Dawn, an open-source and cross-platform implementation of the WebGPU standard.
This bug was reported by an entity known as Fuzz on March 11, 2024.
The severity of this vulnerability underscores the importance of timely updates to mitigate potential risks.
High CVE-2024-2886 and CVE-2024-2887: Exploits Unveiled at Pwn2Own 2024
However, the spotlight shines on two high-severity vulnerabilities, CVE-2024-2886 and CVE-2024-2887, unveiled during the Pwn2Own 2024 competition.
CVE-2024-2886, reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, is a use-after-free vulnerability in WebCodecs, a component critical for efficient media content encoding and decoding.
CVE-2024-2887, reported by Manfred Paul, involves type confusion in WebAssembly, a binary instruction format for a stack-based virtual machine that enables high-performance applications on the web.
These discoveries at Pwn2Own highlight the event’s role in identifying and mitigating potential threats before they can be exploited maliciously.
Ongoing Security Efforts
Google also acknowledges the contributions of its internal security team, whose ongoing efforts have led to various fixes identified through internal audits, fuzzing, and other initiatives.
The company’s use of tools like AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL is crucial in detecting and addressing security bugs.
Chrome users are urged to update their browsers immediately to protect against these vulnerabilities.
For those interested in switching release channels or reporting new issues, Google provides resources and a community help forum for assistance and learning about common issues.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post 2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and turning them into bots for the Faceless proxy service.
TheMoon bots grew to over 40,000 in early 2024 and enabled Faceless to gain nearly 7,000 new users weekly.
It identified a botnet targeting end-of-life SOHO/IoT devices in late 2023, which is a variant of the previously dormant TheMoon botnet, that infects devices and enrolls them in the Faceless residential proxy service.Β
Faceless is a successor to the iSocks anonymity service and is popular among cybercriminals for anonymizing their activity, whereas the strong correlation between TheMoon bots and Faceless suggests TheMoon is the main supplier of bots for the Faceless proxy service.
It mapped the Faceless network and observed a campaign targeting 6,000 ASUS routers within 3 days, while Lumen Technologies blocked traffic to/from Faceless and TheMoon infrastructure and released indicators of compromise to disrupt this operation.
An initial loader exploiting shell availability infects the device and then establishes persistence, sets firewall rules for specific IP ranges, and uses a spoofed NTP request to verify internet connectivity.
Following a connection attempt to hardcoded IPs and a potential check-in packet, the malware retrieves a secondary payload (worm or proxy) based on instructions from the C2 server.
The Worm Module spreads by exploiting vulnerable web servers and downloading additional modules and the .sox file. Upon execution, it checks for updates, establishes a connection with the Faceless C2 server, and reads Lumen reports.
If no update file is found, it uses a hardcoded IP address to connect, and upon receiving the update file, .sox extracts the C2 server address, initiates communication on a random port, and then sends additional scripts to update C2 information or removes traces of the malware, re
The investigation revealed a strong correlation between TheMoon botnet and the Faceless proxy service, where significant overlap between bots communicating with TheMoon and Faceless C2 servers has been observed.
Most new TheMoon bots contacted a Faceless C2 server within 3 days, and both services used the same communication port scheme and founded a Faceless C2 server directly communicating with a TheMoon C2 server, strongly suggesting TheMoon as the primary botnet feeding Faceless.
Global Telemetry Analysis β Faceless
The Moon malware infects devices and communicates with its C2 server, as a subset of these devices are enrolled in the Faceless proxy network, where they receive instructions from Faceless C2s and route traffic through an intermediary server before reaching the final destination.
The network is particularly useful for bypassing geolocation and IP-based blocking, as analysis shows that while 30,000 bots communicate with TheMoon C2 weekly, only 23,000 connect to Faceless C2s, suggesting some devices interact with TheMoon but not Faceless.
It has been suspected that the remaining bots might be used for credential stuffing or financial data exfiltration.
Interestingly, some long-lasting connections originate from known threat actor infrastructure, indicating they might be using Faceless for additional anonymity.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter
The post The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends’ email addresses in exchange for free pizza. “Whereas people say they care about privacy, they are willing to relinquish private data quite easily when
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ