Signal introduces convenient "call links" for private group chats
The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. The highlight feature announced is "call links," which allow users to create and share links with other Signal users without needing to create a group chat. The links can be created from the new "calls" tab in the Signal app and then shared with contacts with a single tap/click. Users can control who joins the secure group chats by requiring admin approval when a new join request is created, so the host can approve or decline them. #privacy #signal

TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware
A complex phishing campaign attributed to the Iranian-linked threat actor TA455 has been observed using sophisticated techniques to impersonate job recruiters on LinkedIn and other platforms. ClearSky Cyber Security released the report today, which outlines TA455’s methods, targets and infrastructure. The campaign, active since at least September 2023, begins with a spear phishing approach in which TA455 lures individuals with fake job offers. Using LinkedIn to gain trust, the attackers prompt victims to download a ZIP file titled “SignedConnection.zip,” which was flagged as malicious by five antivirus engines. This ZIP file contains an EXE file designed to load malware into the victim’s system through DLL side-loading, where a malicious DLL file called “secur32[.]dll” is loaded instead of a legitimate one, allowing the attacker to run undetected code within a trusted process. See more: Infosecurity Magazine, The Hacker News. #cybersecurity #phishing #malware

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws
Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited. This Patch Tuesday fixed four critical vulnerabilities, which include two remote code execution and two elevation-of-privilege flaws. See more: Bleeping Computer, SecurityWeek, The Hacker News. #cybersecurity #zeroday

SAP Patches High-Severity Vulnerability in Web Dispatcher
Enterprise software maker SAP on Tuesday announced the release of eight new and two updated security notes as part of its November 2024 security updates. Marked as ‘high priority’, the second most severe rating in SAP’s playbook, the most important of these notes resolves a high-severity vulnerability in Web Dispatcher, the appliance that distributes incoming requests to the appropriate SAP instances. In its advisory, SAP describes the security defect, which is tracked as CVE-2024-47590 (CVSS score of 8.8), as a cross-site scripting (XSS) bug. According to enterprise security firm Onapsis, the flaw can be exploited by unauthenticated attackers by creating a malicious page to execute content in the victim’s browser. The vulnerability can be exploited for both XSS and server-side request forgery (SSRF) attacks, leading to remote code execution on the server. #cybersecurity #sap #patches

Volt Typhoon rebuilds malware botnet following FBI disruption
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. Volt Typhoon is a Chinese state-sponsored cyberespionage threat group that is believed to have infiltrated critical U.S. infrastructure, among other networks worldwide, for at least five years. Their primary strategy involves hacking SOHO routers and networking devices, such as Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras, to install custom malware that establishes covert communication and proxy channels and maintains persistent access to targeted networks. In January 2024, U.S. authorities announced the disruption of Volt Typhoon's botnet, which involved wiping malware from infected routers. #cybersecurity #malware

New GitLoker-Linked GoIssue Tool Targets GitHub Users for Phishing
SlashNext researchers have discovered a new, sophisticated phishing tool, GoIssue, targeting GitHub developers. Learn about its capabilities, the impact in case of successful attacks, and how to protect yourself from this growing threat. Cybersecurity researchers at SlashNext have identified a new threat called GoIssue. This advanced tool, possibly linked to the GitLoker extortion campaign, enables attackers to carry out large-scale phishing attacks aimed at GitHub users. According to SlashNext’s investigation, shared with Hackread[.]com ahead of publishing on Tuesday, GoIssue can also harvest email addresses from public GitHub profiles. #cybersecurity #phishing

New Citrix Zero-Day Vulnerability Allows Remote Code Execution
A new zero-day vulnerability in Citrix’s Session Recording Manager can be exploited to enable unauthenticated remote code execution (RCE) against Citrix Virtual Apps and Desktops, according to watchTowr. The attack surface management provider investigated the architecture behind Citrix’s Session Recording Manager, a feature that provides a record of user activity to help with audits, detecting unusual behavior and troubleshooting problems. #cybersecurity #citrix #zeroday #rce

iPhones now auto-restart to block access to encrypted data after long idle times
Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. While the company has yet to officially confirm this new "inactivity reboot" feature, law enforcement officers were the first to discover it after observing suspects' iPhones restarting while in police custody, as first reported by 404 Media. This switches the idle devices from an After First Unlock (AFU) state to a Before First Unlock (BFU) state, where the devices are more challenging to break using forensic phone unlocking tools. #cybersecurity #ios

FBI Warns US Organizations of Fake Emergency Data Requests Made by Cybercriminals
The FBI has issued an alert to warn US-based companies and law enforcement agencies that threat actors are sending fake emergency data requests with the goal of harvesting personally identifiable information (PII). An emergency data request enables law enforcement agencies to obtain information from online service providers in emergency situations, when there is no time to get a subpoena. Emergency data requests have been abused by Lapsus$ and other threat actors, but the FBI has observed a spike in cybercrime forum posts related to the process of emergency data requests. #cybersecurity #privacy

Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People
Debt relief solutions provider Forth (Set Forth) is notifying 1.5 million individuals that their personal information was compromised in a May 2024 data breach. #cybersecurity #databreach