CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.
The post CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities appeared first on SecurityWeek.
Newcastle will do everything in their power to keep Alexander Isak on Tyneside and have let Chelsea and Arsenal know that it would take an astronomical offer to alter that stance.
Chelsea have made an initial inquiry for the Sweden striker but, given that clubβs problems with Βmeeting profitability and susΒtainability rules (PSR), there is considerable doubt at St Jamesβ Park that they would be capable of paying a sum possibly well in excess of Β£100m for the 24-year-old.
Continue reading...Β© Photograph: Lee Parker/CameraSport/Getty Images
Β© Photograph: Lee Parker/CameraSport/Getty Images
Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.
The post Exploitation Attempts Target New MOVEit Transfer Vulnerability appeared first on SecurityWeek.
A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.
The post Recent Zyxel NAS Vulnerability Exploited by Botnet appeared first on SecurityWeek.
Β© Philip Cheung for The New York Times
Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-day vulnerability. Identified as CVE-2024-32896, this high-severity issue involves an elevation of privilege, potentially allowing attackers to gain unauthorized access on affected devices. Nature of the Memory-Related Vulnerability Β The zero-day exploit in [β¦]
The post Google Pixel Firmware Zero-Day Flaw Exploited And Patched appeared first on TuxCare.
The post Google Pixel Firmware Zero-Day Flaw Exploited And Patched appeared first on Security Boulevard.
Β© SMLXL Company
Threat actors are exploiting a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.
The post Recent SolarWinds Serv-U Vulnerability Exploited in the Wild appeared first on SecurityWeek.
On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity.
Radaris is just one cog in a sprawling network of people-search properties online that sell highly detailed background reports on U.S. consumers and businesses. Those reports typically include the subjectβs current and previous addresses, partial Social Security numbers, any known licenses, email addresses and phone numbers, as well as the same information for any of their immediate relatives.
Radaris has a less-than-stellar reputation when it comes to responding to consumers seeking to have their reports removed from its various people-search services. That poor reputation, combined with indications that the true founders of Radaris have gone to extraordinary lengths to conceal their stewardship of the company, was what prompted KrebsOnSecurity to investigate the origins of Radaris in the first place.
On April 18, KrebsOnSecurity received a certified letter (PDF) from Valentin βValβ Gurvits, an attorney with the Boston Law Group, stating that KrebsOnSecurity would face a withering defamation lawsuit unless the Radaris story was immediately retracted and an apology issued to the two brothers named in the story as co-founders.
That March story worked backwards from the email address used to register radaris.com, and charted an impressive array of data broker companies created over the past 15 years by Massachusetts residents Dmitry and Igor Lubarsky (also sometimes spelled Lybarsky or Lubarski). Dmitry goes by βDan,β and Igor uses the name βGary.β
Those businesses included numerous websites marketed to Russian-speaking people who are new to the United States, such as russianamerica.com, newyork.ru, russiancleveland.com, russianla.com, russianmiami.com, etc. Other domains connected to the Lubarskys included Russian-language dating and adult websites, as well as affiliate programs for their international calling card businesses.
A mind map of various entities apparently tied to Radaris and the companyβs co-founders. Click to enlarge.
The story on Radaris noted that the Lubarsky brothers registered most of their businesses using a made-up name β βGary Norden,β sometimes called Gary Nord or Gary Nard.
Mr. Gurvitsβ letter stated emphatically that my reporting was lazy, mean-spirited, and obviously intended to smear the reputation of his clients. By way of example, Mr. Gurvits said the Lubarskys were actually Ukrainian, and that the story painted his clients in a negative light by insinuating that they were somehow associated with Radaris and with vaguely nefarious elements in Russia.
But more to the point, Mr. Gurvits said, neither of his clients were Gary Norden, and neither had ever held any leadership positions at Radaris, nor were they financial beneficiaries of the company in any way.
βNeither of my clients is a founder of Radaris, and neither of my clients is the CEOs of Radaris,β Gurvits wrote. βAdditionally, presently and going back at least the past 10 years, neither of my clients are (or were) officers or employees of Radaris. Indeed, neither of them even owns (or ever owned) any equity in Radaris. In intentional disregard of these facts, the Article implies that my clients are personally responsible for Radarisβ actions. Therefore, you intentionally caused all negative allegations in the Article made with respect to Radaris to be imputed against my clients personally.β
Dan Lubarskyβs Facebook page, just prior to the March 8 story about Radaris, said he was from Moscow.
We took Mr. Gurvitsβ word on the ethnicity of his clients, and adjusted the story to remove a single mention that they were Russian. We did so even though Dan Lubarskyβs own Facebook page said (until recently) that he was from Moscow, Russia.
KrebsOnSecurity asked Mr. Gurvits to explain precisely which other details in the story were incorrect, and replied that we would be happy to update the story with a correction if they could demonstrate any errors of fact or omission.
We also requested specifics about several aspects of the story, such as the identity of the current Radaris CEO β listed on the Radaris website as βVictor K.β Mr. Gurvits replied that Radaris is and always has been based in Ukraine, and that the companyβs true founder βEugene Lβ is based there.
While Radaris has claimed to have offices in Massachusetts, Cyprus and Latvia, its website has never mentioned Ukraine. Mr. Gurvits has not responded to requests for more information about the identities of βEugene Lβ or βVictor K.β
Gurvits said he had no intention of doing anyoneβs reporting for them, and that the Lubarskys were going to sue KrebsOnSecurity for defamation unless the story was retracted in full. KrebsOnSecurity replied that journalists often face challenges to things that they report, but it is more than rare for one who makes a challenge to take umbrage at being asked for supporting information.
On June 13, Mr. Gurvits sent another letter (PDF) that continued to claim KrebsOnSecurity was defaming his clients, only this time Gurvits said his clients would be satisfied if KrebsOnSecurity just removed their names from the story.
βUltimately, my clients donβt care what you say about any of the websites or corporate entities in your Article, as long as you completely remove my clientsβ names from the Article and cooperate with my clients to have copies of the Article where my clientsβ names appear removed from the Internet,β Mr. Gurvits wrote.
The June 13 letter explained that the name Gary Norden was a pseudonym invented by the Radaris marketing division, but that neither of the Lubarsky brothers were Norden.
This was a startling admission, given that Radaris has quoted the fictitious Gary Norden in press releases published and paid for by Radaris, and in news media stories where the company is explicitly seeking money from investors. In other words, Radaris has been misrepresenting itself to investors from the beginning. Hereβs a press release from Radaris that was published on PR Newswire in April 2011:
A press release published by Radaris in 2011 names the CEO of Radaris as Gary Norden, which was a fake name made up by Radarisβ marketing department.
In April 2014, the Boston Business Journal published a story (PDF) about Radaris that extolled the companyβs rapid growth and considerable customer base. The story noted that, βto date, the company has raised less than $1 million from Cyprus-based investment company Difive.β
βWe live in a world where information becomes much more broad and much more available every single day,β the Boston Business Journal quoted Radarisβ fake CEO Gary Norden, who by then had somehow been demoted from CEO to vice president of business development.
A Boston Business Journal story from April 2014 quotes the fictitious Radaris CEO Gary Norden.
βWe decided there needs to be a service that allows for ease of monitoring of information about people,β the fake CEO said. The story went on to say Radaris was seeking to raise between $5 million and $7 million from investors in the ensuing months.
In his most recent demand letter, Mr. Gurvits helpfully included resumes for both of the Lubarsky brothers.
Dmitry Lubarskyβs resume states he is the owner of Difive.com, a startup incubator for IT companies. Recall that Difive is the same company mentioned by the fake Radaris CEO in the 2014 Boston Business Journal story, which said Difive was the companyβs initial and sole investor.
Difiveβs website in 2016 said it had offices in Boston, New York, San Francisco, Riga (Latvia) and Moscow (nothing in Ukraine). Meanwhile, DomainTools.com reports difive.com was originally registered in 2007 to the fictitious Gary Norden from Massachusetts.
Archived copies of the Difive website from 2017 include a βPortfolioβ page indexing all of the companies in which Difive has invested. That list, available here, includes virtually every βGary Nordenβ domain name mentioned in my original report, plus a few that escaped notice earlier.
Dan Lubarskyβs resume says he was CEO of a people search company called HumanBook. The Wayback machine at archive.org shows the Humanbook domain (humanbook.com) came online around April 2008, when the company was still in βbetaβ mode.
By August 2008, however, humanbook.com had changed the name advertised on its homepage to Radaris Beta. Eventually, Humanbook simply redirected to radaris.com.
Archive.orgβs record of humanbook.com from 2008, just after its homepage changed to Radaris Beta.
Astute readers may notice that the domain radaris.com is not among the companies listed as Difive investments. However, passive domain name system (DNS) records from DomainTools show that between October 2023 and March 2024 radaris.com was hosted alongside all of the other Gary Norden domains at the Internet address range 38.111.228.x.
That address range simultaneously hosted every domain mentioned in this story and in the original March 2024 report as connected to email addresses used by Gary Norden, including radaris.com, radaris.ru, radaris.de, difive.com, privet.ru, blog.ru, comfi.com, phoneowner.com, russianamerica.com, eprofit.com, rehold.com, homeflock.com, humanbook.com and dozens more. A spreadsheet of those historical DNS entries for radaris.com is available here (.csv).
Image: DomainTools.com
The breach tracking service Constella Intelligence finds just two email addresses ending in difive.com have been exposed in data breaches over the years: dan@difive.com, and gn@difive.com. Presumably, βgnβ stands for Gary Norden.
A search on the email address gn@difive.com via the breach tracking service osint.industries reveals this address was used to create an account at Airbnb under the name Gary, with the last four digits of the accountβs phone number ending in β0001.β
Constella Intelligence finds gn@difive.com was associated with the Massachusetts number 617-794-0001, which was used to register accounts for βIgor Lybarskyβ from Wellesley or Sherborn, Ma. at multiple online businesses, including audiusa.com and the designer eyewear store luxottica.com.
The phone number 617-794-0001 also appears for a βGary Nardβ user at russianamerica.com. Igor Lubarskyβs resume says he was the manager of russianamerica.com.
DomainTools finds 617-794-0001 is connected to registration records for three domains, including paytone.com, a domain that Dan Lubarskyβs resume says he managed. DomainTools also found that number on the registration records for trustoria.com, another major consumer data broker that has an atrocious reputation, according to the Better Business Bureau.
Dan Lubarskyβs resume says he was responsible for several international telecommunications services, including the website comfi.com. DomainTools says the phone number connected to that domain β 617-952-4234 β was also used on the registration records for humanbook.net/biz/info/mobi/us, as well as for radaris.me, radaris.in, and radaris.tel.
Two other key domains are connected to that phone number. The first is barsky.com, which is the website for Barsky Estate Realty Trust (PDF), a real estate holding company controlled by the Lubarskys. Naturally, DomainTools finds barsky.com also was registered to a Gary Norden from Massachusetts. But the organization listed in the barsky.com registration records is Comfi Inc., a VOIP communications firm that Dan Lubarskyβs resume says he managed.
The other domain of note is unipointtechnologies.com. Dan Lubarskyβs resume says he was the CEO of Wellesley Hills, Mass-based Unipoint Technology Inc. In 2012, Unipoint was fined $179,000Β by theΒ U.S. Federal Communications Commission, which said the company had failed to apply for a license to provide international telecommunications services.
A pandemic assistance loan granted in 2020 to Igor Lybarsky of Sherborn, Ma. shows he received the money to an entity called Norden Consulting.
Notice the name on the recipient of this government loan for Igor Lybarsky from Sherborn, Ma: Norden Consulting.Β
The 2011 Radaris press release quoting their fake CEO Gary Norden said the company had four patents pending from a team of computer science PhDs. According to the resume shared by Mr. Gurvits, Dan Lubarsky has a PhD in computer science.
The U.S. Patent and Trademark Office (PTO) says Dan Lubarsky/Lubarski has at least nine technology patents to his name. The fake CEO press release from Radaris mentioning its four patents was published in April 2011. By that time, the PTO says Dan Lubarsky had applied for exactly four patents, including, βSystem and Method for a Web-Based People Directory.β The first of those patents, published in 2009, is tied to Humanbook.com, the company Dan Lubarsky founded that later changed its name to Radaris.
If the Lubarskys were never involved in Radaris, how do they or their attorney know the inside information that Gary Norden is a fiction of Radarisβ marketing department? KrebsOnSecurity has learned that Mr. Gurvits is the same attorney responding on behalf of Radaris in a lawsuit against the data broker filed earlier this year by Atlas Data Privacy.
Mr. Gurvits also stepped forward as Radarisβ attorney in a class action lawsuit the company lost in 2017 because it never contested the claim in court. When the plaintiffs told the judge they couldnβt collect on the $7.5 million default judgment, the judge ordered the domain registry Verisign to transfer the radaris.com domain name to the plaintiffs.
Mr. Gurvits appealed the verdict, arguing that the lawsuit hadnβt named the actual owners of the Radaris domain name β a Cyprus company called Bitseller Expert LimitedΒ β and thus taking the domain away would be a violation of their due process rights.
The judge ruled in Radarisβ favor β halting the domain transfer β and told the plaintiffs they could refile their complaint. Soon after, the operator of Radaris changed from Bitseller to Andtop Company, an entity formed (PDF) in the Marshall Islands in Oct. 2020. Andtop also operates the aforementioned people-search service Trustoria.
Mr. Gurvitsβ most-publicized defamation case was a client named Aleksej Gubarev, a Russian technology executive whose name appeared in the Steele Dossier. That document included a collection of salacious, unverified information gathered by the former British intelligence officer Christopher Steele during the 2016 U.S. presidential campaign at the direction of former president Donald Trumpβs political rivals.
Gubarev, the head of the IT services company XBT Holding and the Florida web hosting firm Webzilla, sued BuzzFeed for publishing the Steele dossier. One of the items in the dossier alleged that XBT/Webzilla and affiliated companies played a key role in the hack of Democratic Party computers in the spring of 2016. The memo alleged Gubarev had been coerced into providing services to Russiaβs main domestic security agency, known as the FSB.
In December 2018, a federal judge in Miami ruled in favor of BuzzFeed, saying the publication was protected by the fair report privilege, which gives news organizations latitude in reporting on official government proceedings.
Radaris was originally operated by Bitseller Expert Limited. Who owns Bitseller Expert Limited? A report (PDF) obtained from the Cyprus business registry shows this company lists its director as Pavel Kaydash from Moscow. Mr. Kaydash could not be reached for comment.
Enlarge (credit: Getty Images | Ronald Martinez)
AT&T is imposing $10 and $20 monthly price hikes on users of older unlimited wireless plans starting in August 2024, the company announced. The single-line price of these 10 "retired" plans will increase by $10 per month, while customers with multiple lines on a plan will be hit with a total monthly increase of $20.
"If you have a single line of service on your plan, your monthly plan charge will increase by $10. If you have multiple lines on your plan, your monthly plan charge will increase by a total of $20. This is the total monthly increase, not per line increase," AT&T said.
AT&T has offered a dizzying array of "unlimited" data plans over the years, all with different limits and perks. While unlimited plans let customers avoid overage fees, speeds can be slowed once customers hit their high-speed data limit. There are also limits on the usage of hotspot data.
A British man has been arrested in Spain for allegedly being the ringleader of the notorious Scattered Spider cybercrime group.
The post UK Man Suspected of Being βScattered Spiderβ Leader Arrested appeared first on SecurityWeek.
CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.
The post CISA Warns of Progress Telerik Vulnerability Exploitation appeared first on SecurityWeek.
The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.
The post Ransomware Group Exploits PHP Vulnerability Days After Disclosure appeared first on SecurityWeek.
UK authorities have arrested two individuals for allegedly using a homemade mobile antenna to send mass text messages.
The post Two Arrested in UK for Smishing Campaign Powered by Homemade SMS BlasterΒ appeared first on SecurityWeek.
Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.
The post Arm Warns of Exploited Kernel Driver Vulnerability appeared first on SecurityWeek.
GreyNoise has observed a rapid increase in the number of exploitation attempts targeting a recent Check Point VPN zero-day.
The post Exploitation of Recent Check Point VPN Zero-Day Soars appeared first on SecurityWeek.
CISA has added an old Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog.
The post CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability appeared first on SecurityWeek.
PoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances.
The post PoC Published for Exploited Check Point VPN Vulnerability appeared first on SecurityWeek.
CISA instructs federal agencies to mitigate CVE-2024-1086, a Linux kernel flaw leading to privilege escalation.
The post CISA Warns of Exploited Linux Kernel Vulnerability appeared first on SecurityWeek.
The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route oneβs Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.
The 911 S5 botnet-powered proxy service, circa July 2022.
From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as βproxiesβ that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe β but predominantly in the United States.
911 built its proxy network mainly by offering βfreeβ virtual private networking (VPN) services. 911βs VPN performed largely as advertised for the user β allowing them to surf the web anonymously β but it also quietly turned the userβs computer into a traffic relay for paying 911 S5 customers.
911 S5βs reliability and extremely low prices quickly made it one of the most popular services among denizens of the cybercrime underground, and the service became almost shorthand for connecting to that βlast mileβ of cybercrime. Namely, the ability to route oneβs malicious traffic through a computer that is geographically close to the consumer whose stolen credit card is about to be used, or whose bank account is about to be emptied.
In July 2022, KrebsOnSecurity published a deep dive into 911 S5, which found the people operating this business had a history of encouraging the installation of their proxy malware by any means available. That included paying affiliates to distribute their proxy software by secretly bundling it with other software.
A cached copy of flashupdate dot net, a pay-per-install affiliate program that incentivized the silent installation of 911βs proxy software.
That story named Yunhe Wang from Beijing as the apparent owner or manager of the 911 S5 proxy service. In todayβs Treasury action, Mr. Wang was named as the primary administrator of the botnet that powered 911 S5.
βA review of records from network infrastructure service providers known to be utilized by 911 S5 and two Virtual Private Networks (VPNs) specific to the botnet operation (MaskVPN and DewVPN) showed Yunhe Wang as the registered subscriber to those providersβ services,β reads the Treasury announcement.
Update, May 29, 12:26 p.m. ET: The U.S. Department of Justice (DOJ) just announced they have arrested Wang in connection with the 911 S5 botnet. The DOJ says 911 S5 customers have stolen billions of dollars from financial institutions, credit card issuers, and federal lending programs.
β911 S5 customers allegedly targeted certain pandemic relief programs,β a DOJ statement on the arrest reads. βFor example, the United States estimates that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion. Additionally, in evaluating suspected fraud loss to the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL applications originated from IP addresses compromised by 911 S5. Millions of dollars more were similarly identified by financial institutions in the United States as loss originating from IP addresses compromised by 911 S5.β
The sanctions say Jingping Liu was Yunhe Wangβs co-conspirator in the laundering of criminally derived proceeds generated from 911 S5, mainly virtual currency. The government alleges the virtual currencies paid by 911 S5 users were converted into U.S. dollars using over-the-counter vendors who wired and deposited funds into bank accounts held by Liu.
βJingping Liu assisted Yunhe Wang by laundering criminally derived proceeds through bank accounts held in her name that were then utilized to purchase luxury real estate properties for Yunhe Wang,β the document continues. βThese individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats.β
The third man sanctioned is Yanni Zheng, a Chinese national the U.S. Treasury says acted as an attorney for Wang and his firm β Spicy Code Company Limited β and helped to launder proceeds from the business into real estate holdings. Spicy Code Company was also sanctioned, as well as Wang-controlled properties Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited.
Ten days after the July 2022 story here on 911 S5, the proxy network abruptly closed up shop, citing a data breach that destroyed key components of its business operations.
In the months that followed, however, 911 S5 would resurrect itself under a different name: Cloud Router. Thatβs according to spur.us, a U.S.-based startup that tracks proxy and VPN services. In February 2024, Spur published research showing the Cloud Router operators reused many of the same components from 911 S5, making it relatively simple to draw a connection between the two.
The Cloud Router homepage, which according to Spur has been unreachable since this past weekend.
Spur found that Cloud Router was being powered by a new VPN service called PaladinVPN, which made it much more explicit to users that their Internet connections were going to be used to relay traffic for others. At the time, Spur found Cloud Router had more than 140,000 Internet addresses for rent.
Spur co-founder Riley Kilmer said Cloud Router appears to have suspended or ceased operations sometime this past weekend. Kilmer said the number of proxies advertised by the service had been trending downwards quite recently before the website suddenly went offline.
Cloud Routerβs homepage is currently populated by a message from Cloudflare saying the siteβs domain name servers are pointing to a βprohibited IP.β
Β© Lauren Justice for The New York Times
I have spoken at several TED conferences over the years.
Iβm putting this here because I want all three links in one place.
Login
