Posts

Showing posts from 2024

The Hacker News - Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

Italy's data protection authority has fined ChatGPT maker OpenAI €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its service in violation of the European Union's General Data Protection Regulation (GDPR). The authority from The Hacker News https://thehackernews.com/2024/12/italy-fines-openai-15-million-for.html

The Hacker News - LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a from The Hacker News https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html

KnowBe4 - James Bond-Style Scamming Profits Explode

There is a type of scam where victims are contacted by someone fraudulently posing as a popular trusted entity (e.g., Amazon, U.S. Post Office, etc.), law enforcement, or an intelligence agency that initially claims to have evidence linking the victim to a global, spy-like scam. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/james-bond-style-scamming-profits-explode

Rapid 7 - Metasploit Weekly Wrap-Up 12/20/2024

New module content (4)

GameOver(lay) Privilege Escalation and Container Escape
Authors: bwatters-r7, g1vi, gardnerapp, and h00die
Type: Exploit
Pull request: #19460 contributed by gardnerapp
Path: linux/local/gameoverlay_privesc
AttackerKB reference: CVE-2023-2640
Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local privilege escalation in some Ubuntu kernel versions that abuses overly trusting OverlayFS features.

Clinic's Patient Management System 1.0 - Unauthenticated RCE
Authors: Aaryan Golatkar and Oğulcan Hami Gül
Type: Exploit
Pull request: #19733 contributed by aaryan-11-x
Path: multi/http/clinic_pms_fileupload_rce
AttackerKB reference: CVE-2022-40471
Description: New exploit module for Clinic's Patient Management System 1.0 that targets CVE-2022-40471. The module exploits unrestricted file upload, which can be further used to get remote code execution (RCE) through a malicious PHP file.

WordPress WP Time Capsule Arbitrary File Uploa...

The Hacker News - Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are from The Hacker News https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html

The Hacker News - Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows - from The Hacker News https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html

The Hacker News - Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted from The Hacker News https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html

The Hacker News - CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that from The Hacker News https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html

Krebs - Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. Araneida Scanner. Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7, a notorious Russia-based hacking group. But on closer inspection they discovered the address contained an HTML title of “Araneida Customer Panel,” and found they could search on that text string to find dozens of unique addresses hosting the same service. It soon became apparent that Araneida was being resold as a cloud-based service using a ...

The Hacker News - Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are from The Hacker News https://thehackernews.com/2024/12/thousands-download-malicious-npm.html
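The two counterfeit names above show the two tricks a registry-side or CI-side check has to catch: a near-miss on the scope (`@typescript_eslinter/...` for `typescript-eslint`) and a scope collapsed into a hyphen (`types-node` for `@types/node`). The following is an added example written for this page, not code from the article or from npm: it normalises candidate names, compares them and their scope against a constructed allowlist of packages you actually depend on, and flags anything within a small edit distance that is not an exact match. The allowlist entries beyond the two packages named in the article are illustrative.

```python
"""Flag npm package names that sit within a small edit distance of a known-good
list, including scope confusion such as `types-node` for `@types/node`.
Added example for this page; the allowlist below is constructed."""
import re

# Constructed allowlist: the two real packages named in the article plus two
# more common ones so the comparison has something to be noisy against.
KNOWN_GOOD = ["typescript-eslint", "@types/node", "lodash", "express"]

SEPARATORS = re.compile(r"[@/_.\-]")


def normalize(name: str) -> str:
    """Lowercase and drop scope/separator characters so that `@types/node`,
    `types-node` and `types.node` all collapse to the same string."""
    return SEPARATORS.sub("", name.lower())


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def candidate_forms(name: str) -> list:
    """Forms of a name worth comparing: the whole name and, for a scoped
    package, the scope alone. That is what catches `@typescript_eslinter/eslint`
    against `typescript-eslint`: the full name is far away, the scope is not."""
    forms = [normalize(name)]
    if name.startswith("@") and "/" in name:
        scope = name.split("/", 1)[0]
        forms.append(normalize(scope))
    return forms


def typosquat_matches(name: str, known_good=KNOWN_GOOD, max_distance: int = 2) -> list:
    """Return (legitimate_name, distance) for every known-good package the
    candidate resembles without being. An exact match is not a squat."""
    if name in known_good:
        return []
    hits = []
    for legit in known_good:
        target = normalize(legit)
        best = min(edit_distance(form, target) for form in candidate_forms(name))
        if best <= max_distance:
            hits.append((legit, best))
    return hits


if __name__ == "__main__":
    for candidate in ["@typescript_eslinter/eslint", "types-node", "lodash", "lodahs"]:
        print(candidate, "->", typosquat_matches(candidate))
```

A distance of two on short names is noisy, so treat a hit as a reason to look at the package's publish date, maintainer and download history rather than as a verdict on its own; the point of the scope-aware comparison is that a plain string distance on the full name would have missed the first counterfeit above entirely.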

The Hacker News - Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai from The Hacker News https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html

The Hacker News - Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. "A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the from The Hacker News https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html

HACKMAGEDDON - September 2024 Cyber Attacks Statistics

After the corresponding cyber attacks timelines, it’s time to publish the statistics for September 2024 where I collected and analyzed 257 events. During September 2024... from HACKMAGEDDON https://www.hackmageddon.com/2024/12/19/september-2024-cyber-attacks-statistics/

The Hacker News - UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the from The Hacker News https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html

The Hacker News - INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

INTERPOL is calling for a linguistic shift that aims to put an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming from The Hacker News https://thehackernews.com/2024/12/interpol-pushes-for-romance-baiting-to.html

The Hacker News - Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS from The Hacker News https://thehackernews.com/2024/12/patch-alert-critical-apache-struts-flaw.html

Rapid 7 - Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech

As the year draws to a close, it’s essential—and often expected—to reflect on our achievements and lessons learned in preparation for annual performance reviews and setting future goals. For women in tech, this reflection period can be an especially powerful tool. The industry often demands that women work harder to prove their worth in spaces where their contributions are sometimes overlooked or undervalued. Performance reviews and goal-setting moments are opportunities to take command of your career, highlight your contributions, and advocate for your worth. Many women, particularly those in male-dominated fields like tech, have been conditioned to prioritize modesty over self-promotion. This can make self-advocacy feel uncomfortable, even though it is essential for career growth. As a result, performance reviews often provoke anxiety instead of empowerment. It’s common for women to downplay their achievements or struggle to articulate their value in a way that feels authentic. Shif...

The Hacker News - CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted from The Hacker News https://thehackernews.com/2024/12/cisa-and-fbi-raise-alerts-on-exploited.html

Schneier - Short-Lived Certificates Coming to Let’s Encrypt

Starting next year: Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event. Because we’ve done so much to encourage automation over the past decade, most of our subscribers aren’t going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It’s not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day. That sounds sort of nuts to me today, but issuing 5,000,000 certificates per day would have sounded crazy to me ten years ago. This is an excellent idea. Sl...

Schneier - Upcoming Speaking Events

This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of Technology in Room 32-G449 (Kiva), as well as online via Zoom. Please register in advance if you plan to attend (whether online or in person). The list is maintained on this page. from Schneier on Security https://www.schneier.com/blog/archives/2024/12/upcoming-speaking-events-2.html

The Hacker News - Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains from The Hacker News https://thehackernews.com/2024/12/germany-disrupts-badbox-malware-on.html

The Hacker News - Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not from The Hacker News https://thehackernews.com/2024/12/thai-officials-targeted-in-yokai.html

Schneier - Friday Squid Blogging: Biology and Ecology of the Colossal Squid

Good survey paper. Blog moderation policy. from Schneier on Security https://www.schneier.com/blog/archives/2024/12/friday-squid-blogging-biology-and-ecology-of-the-colossal-squid.html

Rapid 7 - Metasploit Weekly Wrap-Up 12/13/2024

It’s raining RCEs! It's the second week of December, and the weather forecast announced another storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs for the Moodle e-learning platform, PrimeFaces, WordPress Really Simple SSL, and CyberPanel, along with two modules to change passwords over the LDAP and SMB protocols.

New module content (7)

Change Password
Author: smashery
Type: Auxiliary
Pull request: #19671 contributed by smashery
Path: admin/ldap/change_password
Description: This adds a module that is able to change a user's password knowing the current value, or reset a user's password given the necessary permissions, using LDAP.

SMB Password Change
Author: smashery
Type: Auxiliary
Pull request: #19666 contributed by smashery
Path: admin/smb/change_password
Description: This adds a module that is able to change a user's password knowing the current value, or reset a user's password given the necessary permissions, using SMB.

WordPress ...

The Hacker News - Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the from The Hacker News https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html

KnowBe4 - Sophisticated Phishing Campaign Attempts to Bypass SEGs

A widespread phishing campaign is attempting to steal credentials from employees working at dozens of organizations around the world, according to researchers at Group-IB. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/sophisticated-phishing-campaign-attempts-to-bypass-segs

The Hacker News - DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for from The Hacker News https://thehackernews.com/2024/12/doj-indicts-14-north-koreans-for-88m-it.html

Schneier - Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection. Lots more details at that link. Also here. Seth Michael Larson has a good summary of what should be done next: From this story, we can see a few places where PyPI can help developers towards a secure configuration without infringing on existing use-cases. API tokens are allowed to go unused alongside Trusted Publishers. It’s valid for a project to use a mix of API tokens and Trusted Publishers because Trusted Publishers aren’t universally supported by all platforms. H...
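The "GitHub Actions script injection" named above is the pattern where a `${{ ... }}` expression holding attacker-controlled event data (a pull request title, a branch name, an issue comment) is pasted straight into a `run:` shell script, so the shell executes whatever the outside contributor typed. It matters most in `pull_request_target` workflows, which run with the repository's secrets and a write-capable token. The following is an added example written for this page, not Ultralytics' workflow and not GitHub tooling: a small scanner that walks a workflow file, isolates the `run:` script bodies, and flags expressions from untrusted event contexts inside them. The sample workflow is constructed; it uses the branch-name field because that is a commonly abused input, and which field the real attack used is not stated in the post. The hardened step beside it shows the standard fix: move the expression into `env:` so the shell receives it as a variable's value rather than as script text.

```python
"""Find `${{ ... }}` expressions from attacker-controlled event fields that are
interpolated directly into `run:` scripts of a GitHub Actions workflow.
Added example for this page; the workflow below is constructed."""
import re

# Event contexts an outside contributor can set (non-exhaustive, illustrative list).
UNTRUSTED = (
    "github.head_ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.workflow_run.head_branch",
)

EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")

# Constructed workflow: one vulnerable step, the hardened form of the same step,
# and a step that only uses a repository-controlled context.
SAMPLE_WORKFLOW = """\
name: format
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Vulnerable step (branch name spliced into the shell script)
        run: |
          echo "Formatting branch ${{ github.head_ref }}"
          git fetch origin ${{ github.head_ref }}
      - name: Hardened step (same value passed through an environment variable)
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Formatting branch $BRANCH"
          git fetch origin "$BRANCH"
      - name: Safe step (repository-controlled context)
        run: echo "sha=${{ github.sha }}"
"""


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def run_script_lines(workflow: str):
    """Yield (line_number, text) for every line that belongs to a `run:` script.
    Handles inline `run: cmd` and block scalars `run: |` / `run: >`; a block
    body is every following line indented deeper than the `run` key itself."""
    lines = workflow.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = lines[i].index("run:")
        rest = m.group(1).strip()
        if rest and rest[0] not in "|>":
            yield i + 1, rest  # inline script on the same line
            i += 1
            continue
        i += 1
        while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > key_col):
            if lines[i].strip():
                yield i + 1, lines[i]
            i += 1


def find_injections(workflow: str) -> list:
    """Return [(line_number, expression)] for untrusted expressions inside run: scripts.
    Expressions under `env:` or `with:` are not reported: there they are data, not code."""
    findings = []
    for lineno, text in run_script_lines(workflow):
        for expr in EXPR.findall(text):
            if any(expr.startswith(ctx) for ctx in UNTRUSTED):
                findings.append((lineno, expr))
    return findings


if __name__ == "__main__":
    for lineno, expr in find_injections(SAMPLE_WORKFLOW):
        print(f"line {lineno}: ${{{{ {expr} }}}} interpolated into a run: script")
```

Against the constructed workflow this reports lines 12 and 13 only. The line-based parse is deliberate so the script has no YAML dependency, but it means a `run:` key nested under `with:` or appearing inside a script body would confuse it; for anything beyond a quick repository sweep, parse the YAML properly and apply the same check to each step's `run` value.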

The Hacker News - How to Generate a CrowdStrike RFM Report With AI in Tines

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform.  Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their from The Hacker News https://thehackernews.com/2024/12/how-to-generate-crowdstrike-rfm-report.html

KnowBe4 - Be Careful of Malicious Ads

For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/be-careful-of-malicious-ads

Black Hills InfoSec - The Top Ten List of Why You Got Popped This Year (2023/2024) 

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […] The post The Top Ten List of Why You Got Popped This Year (2023/2024) appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/top-ten-list-of-why-you-got-popped-this-year-2023-2024/

The Hacker News - Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both from The Hacker News https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html

Rapid 7 - Navigating Choppy Waters: Top Security Predictions from Rapid7's 2025 Webinar

It's that time of year again — one year is ending and another is set to begin. And what a year it's been for the security community! The sheer scale of incidents has left SecOps teams breathless, so thinking about what could be in store next year can be overwhelming. But there's no need to panic; despite the disruption, the community has rallied together and risen to the challenge, demonstrating adaptability, collaboration, and resilience. And, most of all, why this industry isn't for the faint of heart! Over the last few years, we've seen significant interest in our annual Security Predictions webinar. Security teams use the session to take stock of the current year and use the predictions to get a head start on planning for the next. This year, the webinar was shot in person from Rapid7's office in Belfast, a city that has emerged as a modern tech innovation hub. From its origins as the shipyards that birthed the Titanic, Belfast's history is a test...

The Hacker News - SaaS Budget Planning Guide for IT Professionals

SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity.  In this article, we’ll break down this topic from The Hacker News https://thehackernews.com/2024/12/saas-budget-planning-guide-for-it.html

The Hacker News - WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it from The Hacker News https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html

The Hacker News - Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically from The Hacker News https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html

The Hacker News - New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. " from The Hacker News https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html

KnowBe4 - Nearly Half a Billion Emails in 2024 Were Malicious

A new report from Hornetsecurity has found that 427.8 million emails received by businesses in 2024 contained malicious content. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/nearly-half-a-billion-emails-in-2024-were-malicious

The Hacker News - ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell from The Hacker News https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html
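A DNS tunnel encodes C2 traffic into query names and answers, so what a defender sees on the resolver is a single domain receiving a stream of distinct, long, high-entropy subdomains, often for TXT or NULL records, rather than the handful of repeated hostnames a real web property produces. The following is an added example written for this page, not code from the article or from any ZLoader analysis, and the thresholds are illustrative rather than ZLoader's actual protocol parameters, which the article does not give: it parses constructed resolver log lines and flags domains whose query pattern looks like a covert channel.

```python
"""Heuristic DNS-tunnel detection over resolver query logs: per registered
domain, count distinct subdomains, first-label length and character entropy.
Added example for this page; the log lines and thresholds are constructed."""
import math
from collections import defaultdict

# Constructed sample in the form "<epoch> <client> <qname> <qtype>".
# example.com looks like ordinary web traffic; updates-cdn.net looks like a tunnel.
SAMPLE_LOG = """\
1734480001 10.0.0.5 www.example.com A
1734480002 10.0.0.5 cdn.example.com A
1734480003 10.0.0.5 www.example.com AAAA
1734480004 10.0.0.7 mail.example.com MX
1734480005 10.0.0.9 8qz3k1d9x2vb7c4n5m0a.t1.updates-cdn.net TXT
1734480006 10.0.0.9 v0p2m8k4j6h1g3f5d7s9.t1.updates-cdn.net TXT
1734480007 10.0.0.9 l2k4j6h8g0f1d3s5a7q9.t1.updates-cdn.net TXT
1734480008 10.0.0.9 x9c7v5b3n1m0a2s4d6f8.t1.updates-cdn.net TXT
1734480009 10.0.0.9 q1w3e5r7t9y0u2i4o6p8.t1.updates-cdn.net TXT
1734480010 10.0.0.9 z8x6c4v2b0n9m7a5s3d1.t1.updates-cdn.net TXT
1734480011 10.0.0.5 www.example.com A
1734480012 10.0.0.5 api.example.com A
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score far above hostnames."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Split a query name into (subdomain, registered_domain). Simplification:
    the registered domain is the last two labels, which is wrong for suffixes
    such as co.uk; a real deployment should use the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (timestamp, client, qname, qtype); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        yield int(ts), client, qname, qtype.upper()


def domain_stats(text: str) -> dict:
    """Aggregate per registered domain the features the detector scores on."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                 "label_len": [], "entropy": [], "txt_null": 0})
    for _, _, qname, qtype in parse_log(text):
        sub, reg = split_qname(qname)
        s = stats[reg]
        s["queries"] += 1
        if sub:
            s["subdomains"].add(sub)
            s["label_len"].append(len(sub.split(".")[0]))
            s["entropy"].append(shannon_entropy(sub))
        if qtype in ("TXT", "NULL"):
            s["txt_null"] += 1
    return stats


def suspected_tunnels(text: str, min_unique: int = 5, min_label_len: int = 15,
                      min_entropy: float = 3.5, min_unique_ratio: float = 0.8) -> list:
    """Domains whose subdomains are numerous, long, high-entropy and rarely repeated."""
    flagged = []
    for reg, s in domain_stats(text).items():
        if len(s["subdomains"]) < min_unique or not s["label_len"]:
            continue
        mean_len = sum(s["label_len"]) / len(s["label_len"])
        mean_ent = sum(s["entropy"]) / len(s["entropy"])
        unique_ratio = len(s["subdomains"]) / s["queries"]
        if mean_len >= min_label_len and mean_ent >= min_entropy and unique_ratio >= min_unique_ratio:
            flagged.append(reg)
    return sorted(flagged)


if __name__ == "__main__":
    print(suspected_tunnels(SAMPLE_LOG))
```

Expect false positives from legitimate services that also put random-looking labels under one domain (per-session CDN hostnames, some anti-virus and telemetry lookups, DNS-based blocklists), so run it as a triage feed rather than a blocking rule, and allowlist those domains once identified; a tunnel will additionally show a sustained query rate and a consistent record type, both of which the per-domain aggregate above lets you add as further conditions.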

The Hacker News - Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team from The Hacker News https://thehackernews.com/2024/12/researchers-uncover-espionage-tactics.html

Schneier - Jailbreaking LLM-Controlled Robots

Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions. from Schneier on Security https://www.schneier.com/blog/archives/2024/12/jailbreaking-llm-controlled-robots.html

Rapid 7 - Patch Tuesday - December 2024

Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row, Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication. Today sees the publication of 16 critical remote code execution (RCE) vulnerabilities, which is more than usual. Two browser vulnerabilities have already been published separately this month, and are not included in the total. Common Log File System: zero-day EoP This month’s zero-day vulnerability is CVE-2024-49138, an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver, a general-purpose Windows logging service that can be used by software clients running in user-mode or kernel-mode. Exploitation leads to SYSTEM privileges, and if this ...