Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 14 Sep 2023 16:30:00 +0000

Since February 2023, Microsoft has observed a high volume of password spray attacks attributed to Peach Sandstorm, an Iranian nation-state group. In a small number of cases, Peach Sandstorm successfully authenticated to an account and used a combination of publicly available and custom tools for persistence, lateral movement, and exfiltration.

The post Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets appeared first on Microsoft Security Blog.

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 14 Sep 2023 11:30:00 +0000

A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions.

The post Uncursing the ncurses: Memory corruption vulnerabilities found in library appeared first on Microsoft Security Blog.

Attacks on 5G Infrastructure From Users’ Devices

Credit to Author: Salim S.I.| Date: Wed, 20 Sep 2023 00:00:00 +0000

Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as the defense, utilities, and medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case for a denial-of-service (DoS) attack against private 5G networks.

The mystery of the CVEs that are not vulnerabilities

Categories: Business, Exploits and vulnerabilities, News

Tags: CVE, NVD, vulnerabilities, CVE-2020-19909

Researchers have raised the alarm about a large set of CVEs for older bugs that never were vulnerabilities.

The post The mystery of the CVEs that are not vulnerabilities appeared first on Malwarebytes Labs.

Microsoft AI researchers accidentally exposed terabytes of sensitive data

Categories: Business, News

Tags: blob, SAS, Microsoft, Wiz, secrets

Microsoft AI researchers posted a long-living, overly permissive SAS token on GitHub, exposing 38 TB of data.

The post Microsoft AI researchers accidentally exposed terabytes of sensitive data appeared first on Malwarebytes Labs.

Compromised Free Download Manager website was delivering malware for years

Categories: News

Tags: Free Download Manager, Linux, Debian, crond, reverse shell

After three years of delivering malware to selected visitors, Free Download Manager was alerted to the fact that its website had been compromised.

The post Compromised Free Download Manager website was delivering malware for years appeared first on Malwarebytes Labs.

Protect CNC Machines in Networked IT/OT Environments

Credit to Author: William Malik| Date: Tue, 19 Sep 2023 00:00:00 +0000

Networking IT/OT environments is a bit like walking a tightrope, balancing the pursuit of intelligence and efficiency against the risks of exposing OT systems to the wider world. Trend Micro recently teamed up with global machine tool company Celada to identify specific risks associated with industrial CNC machines—and how to mitigate them.
