#Trusted Tech News Platform
Streaming Platform Giant Lionsgate Exposes Over 37m Users’ Data

March 24, 2023 Cyber Attack / data breach
Lions Gate Entertainment Corporation, doing business as Lionsgate, exposed users’ IP addresses and data on the content they watched on its movie-streaming service. According to Cybernews analysts, Lionsgate Play, a video streaming service, had exposed user information via an open ElasticSearch instance. The platform is run by the Canadian-American entertainment company Lionsgate Entertainment Corporation, which owns several well-known film and television franchises, including The Hunger Games, Saw, Terminator, The Twilight Saga, and The Divergent Series. Almost 37 million people worldwide subscribe to Lionsgate, which made $3.6 billion in income the previous year.

Leak Caused By an Unprotected ElasticSearch Instance

“An unprotected 20GB of server logs that contained nearly 30 million entries, with the oldest dated May 2022. The logs exposed subscribers’ IP addresses and user data concerning device, operating system, and web browser”, explains Cybernews
Latitude Financial Services Data Breach Impacts 300,000 Customers

March 18, 2023 Cyber Security / data breach
Australian financial services company Latitude Financial Services is notifying roughly 300,000 customers that their personal information might have been compromised in a data breach. A subsidiary of Deutsche Bank and KKR operating since 2015 and headquartered in Melbourne, Latitude is the largest non-bank lender of consumer credit in Australia, also offering services in New Zealand, under the brand Gem Finance. On Thursday, the company disclosed falling victim to a cyberattack that forced it to suspend services and which also resulted in the theft of customer data. “Latitude Financial has experienced a data theft as the result of what appears to be a sophisticated and malicious cyberattack,” Latitude says in a data breach notice. The attackers, the company says, stole personal information held by two service providers, which served customers in both Australia and New Zealand. According to Latitude, the malicious activity appears to have originated from one of its ven
US Government Warns Organizations of LockBit 3.0 Ransomware Attacks

March 18, 2023 Cyber Security / Hacking and Security
The Federal Bureau of Investigation (FBI), the Cybersecurity and Information Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) this week issued an alert on the LockBit 3.0 ransomware operation. Since January 2020, LockBit has functioned based on the ransomware-as-a-service (RaaS) model, targeting a broad range of businesses and critical infrastructure entities and using a variety of tactics, techniques, and procedures (TTPs). Also referred to as LockBit Black, LockBit 3.0 has a more modular architecture compared to its previous variants, and supports various arguments that modify its behavior after deployment. To hinder analysis and detection, LockBit 3.0 installers are encrypted, and can only be executed if a password is supplied, the FBI, CISA, and MS-ISAC explain in a joint advisory. The malware also supports specific arguments for lateral movement, can reboot systems in Safe Mode, and performs a language check at runtime to avoid infectin
Google Uncovers 18 Zero-Day Vulnerabilities in Samsung’s Exynos Chipsets

March 18, 2023 Cyber Security / Hacking and Security
The Project Zero team at Google has recently found and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets, which are mainly used in mobile devices, wearables, and automobiles. Among the 18 zero-day vulnerabilities, four were classified as the most serious, as they enabled remote code execution (RCE) over the internet to the baseband. Project Zero researchers conducted tests that confirmed that the four vulnerabilities could be exploited remotely by an attacker to compromise a phone’s baseband without requiring any user interaction, the only condition being that the attacker knows the victim’s phone number. Moreover, it’s also possible for experienced attackers to effortlessly create exploits to remotely breach vulnerable devices without alerting the targets.

Affected Devices

Samsung Semiconductor announced in
100 Best Free Red Team Tools – 2023

February 22, 2023 Cyber Security / Hacking and Security
We are bringing here a collection of open-source and commercial Red Team tools that aid in red team operations. This repository will help you with the major part of a red team engagement.

Red Team Tools Field Manual

Red Team Tools Operations: Reconnaissance, Weaponization, Delivery, Command and Control, Lateral Movement, Establish Foothold, Escalate Privileges, Data Exfiltration, Misc, References

Best Red Team Tools 2023

Reconnaissance

Active Intelligence Gathering

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot.

AQUATONE is a set of tools for performing reconnaissance on domain names.

spoofcheck is a program that checks if a domain can be spoofed. The program checks SPF and DMARC records for weak configurations that allow spoofing.

Nmap is used to discover hosts and services on a computer network,
GoDaddy Announces Source Code Stolen and Malware Installed in Breach

February 21, 2023 GoDaddy / Hacking and Security
Web hosting company GoDaddy has revealed that an unauthorized party gained access to its servers and installed malware, causing the intermittent redirection of customer websites. “In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company wrote in a blog post on Thursday. “Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.” GoDaddy added that working with law enforcement, the company has confirmed the attack was executed by a “sophisticated and organized group” targeting various hosting services. “According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.” Brad Hong, customer success lead at Horizon3.ai, said that attackers did not “hack” their way into GoDaddy
Hackers Take Over Microsoft Exchange Servers with OAuth Apps

September 24, 2022 Hacking and Security / Microsoft
Multiple cloud tenants hosting Microsoft Exchange servers have been compromised by malicious actors using OAuth apps to spread spam.

Microsoft Exchange Servers Used to Spread Spam

On September 23, 2022, a Microsoft Security blog post stated that the "threat actor launched credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain initial access". By accessing the cloud tenant, the attacker was able to register a phony OAuth application with elevated permissions. The attacker then added a malicious inbound connector within the server, as well as transport rules, which gave them the ability to spread spam via targeted domains while evading detection. The inbound connector and transport rules were also deleted in between each campaign to help the attacker fly under the radar.

Spam Campaigns Involving Malicious OAuth Apps Detected