Posts

Showing posts from November, 2024

The Hacker News - Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested

A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present, from The Hacker News https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html

Rapid 7 - Metasploit Weekly Wrap-up 11/29/2024

New module content (4)

Acronis Cyber Protect/Backup machine info disclosure
Authors: Sandro Tolksdorf of usd AG and h00die-gr3y h00die.gr3y@gmail.com
Type: Auxiliary
Pull request: #19582 contributed by h00die-gr3y
Path: gather/acronis_cyber_protect_machine_info_disclosure
AttackerKB reference: CVE-2022-3405
Description: Adds an auxiliary module which exploits sensitive information disclosure due to an improper authentication vulnerability in Acronis Cyber Protect 15 before build 29486 and Acronis Cyber Backup 12.5 before build 16545.

Strapi CMS Unauthenticated Password Reset
Authors: WackyH4cker and h00die
Type: Auxiliary
Pull request: #19654 contributed by h00die
Path: scanner/http/strapi_3_password_reset
AttackerKB reference: CVE-2019-18818
Description: Adds a module that lets you leverage the mishandling of a password reset request for Strapi CMS version 3.0.0-beta.17.4, which results in the ability to change the password of the admin user.

ProjectSend r1295 - r16...

The Hacker News - AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections

A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency (SDA), leverages videos enhanced using artificial intelligence (AI) and bogus websites impersonating reputable news sources from The Hacker News https://thehackernews.com/2024/11/ai-powered-fake-news-campaign-targets.html

Schneier - Race Condition Attacks against LLMs

These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs and generated model outputs can adversely affect these other components in the broader implemented system. […] When confronted with a sensitive topic, Microsoft 365 Copilot and ChatGPT answer questions that their first-line guardrails are supposed to stop. After a few lines of text they halt—seemingly having “second thoughts”—before retracting the original answer (also known as Clawback), and replacing it with a new one without the offensive content, or a simple error message. We call this attack “Second Thoughts.” […] After asking the LLM a question, if the user clicks the Stop button while the answer is still streaming, the LLM will not engage its second-li...

The Hacker News - Protecting Tomorrow's World: Shaping the Cyber-Physical Future

The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed from The Hacker News https://thehackernews.com/2024/11/protecting-tomorrows-world-shaping.html

The Hacker News - Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An from The Hacker News https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html

The Hacker News - U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency

A 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency. Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a cooperative contact for the Ministry of State from The Hacker News https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html

The Hacker News - Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, from The Hacker News https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html

The Hacker News - The Future of Serverless Security in 2025: From Logs to Runtime Protection

Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is from The Hacker News https://thehackernews.com/2024/11/the-future-of-serverless-security-in.html

The Hacker News - XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC from The Hacker News https://thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html

The Hacker News - Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique from The Hacker News https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html

The Hacker News - Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024, from The Hacker News https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html

KnowBe4 - CISA Strongly Recommends Phishing-Resistant MFA

We are excited to see the Cybersecurity and Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend PHISHING-RESISTANT multi-factor authentication (MFA). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cisa-strongly-recommends-phishing-resistant-mfa

KnowBe4 - 75% of Black Friday Spam Emails Are Scams

Three out of four Black Friday-themed spam emails are scams, according to researchers at Bitdefender. Most of these scams are targeting users in the US and Europe. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/3-out-4-black-friday-spam-emails-are-scams

The Hacker News - Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded from The Hacker News https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

The Hacker News - Latest Multi-Stage Attack Scenarios with Real-World Examples

Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of the most common multi-stage attack scenarios that are active right now. URLs and Other Embedded from The Hacker News https://thehackernews.com/2024/11/latest-multi-stage-attack-scenarios.html

The Hacker News - APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack, from The Hacker News https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html

The Hacker News - INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email from The Hacker News https://thehackernews.com/2024/11/interpol-busts-african-cybercrime-1006.html

The Hacker News - Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a from The Hacker News https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html

KnowBe4 - Chinese Threat Actor Targets Black Friday Shoppers With Phishing Campaign

Researchers at EclecticIQ warn that the financially motivated Chinese threat actor “SilkSpecter” has launched a phishing campaign targeting Black Friday shoppers across Europe and the US. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-campaign-targets-black-friday-shoppers

KnowBe4 - U.K. Residents are Victims of the Latest Phishing Scam Targeting Starbuck Customer Credentials

Analysis of a new phishing attack highlights just how easy it can be to spot these kinds of attacks if recipients were properly educated. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/u.k.-residents-victims-of-the-latest-phishing-scam-targeting-starbuck-customer-credentials

KnowBe4 - CyberheistNews Vol 14 #48 [Eye Opener] Phishing Attacks Now Exploit Visio and SharePoint Files

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-48-eye-opener-phishing-attacks-now-exploit-visio-and-sharepoint-files

The Hacker News - Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions from The Hacker News https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html

Schneier - What Graykey Can and Can’t Unlock

This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28. More information: Meanwhile, Graykey’s performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google’s Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an “After First Unlock” (AFU) state—where the phone has been unlocked at least once since being powered on. from Schneier on Security https://www.schneier.com/blog/archives/2024/11/what-graykey-can-and-cant-...

The Hacker News - Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed from The Hacker News https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

The Hacker News - CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that from The Hacker News https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html

Schneier - Security Analysis of the MERGE Voting Protocol

Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy—to apply the MERGE protocol—would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions. The gap between theory and practice is...

The Hacker News - North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both from The Hacker News https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html

The Hacker News - China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. "The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a from The Hacker News https://thehackernews.com/2024/11/china-linked-tag-112-targets-tibetan.html

KnowBe4 - Threat Group Uses AI Adult-Based “Deepnude” Image Generator Honeypots to Infect Victims

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/threat-group-use-ai-adult-based-deepnude-image-generator-to-infect-victims

KnowBe4 - Phishing Attacks Exploit the Open Enrollment Period

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attacks-exploits-the-open-enrollment-period

Schneier - The Scale of Geoblocking by Nation

Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing transparency in geoblocking, and removing ambiguity about sanctions compliance are concrete steps the U.S. can take to ensure it does not undermine its own aims. The paper: “Digital Discrimination of Users in Sanctioned States: The Case of the Cuba Embargo”: Abstract: We present one of the first in-depth and systematic end-user centered investigations into the effects of sanctions on geoblocking, specifically in the case of Cuba. We conduct network measurements on the Tranco Top 10K domains and complement our findings with a small-scale user study with a questionnaire. We identify 546 domains subject to geob...

The Hacker News - Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who from The Hacker News https://thehackernews.com/2024/11/microsoft-meta-and-doj-disrupt-global.html

The Hacker News - PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting from The Hacker News https://thehackernews.com/2024/11/pypi-attack-chatgpt-claude.html

Black Hills InfoSec - Finding Access Control Vulnerabilities with Autorize

In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first. OWASP describes an access control as something that “enforces policy such that […] The post Finding Access Control Vulnerabilities with Autorize appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/finding-access-control-vulnerabilities-with-autorize/

The Hacker News - North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and from The Hacker News https://thehackernews.com/2024/11/north-korean-front-companies.html

The Hacker News - Cyber Story Time: The Boy Who Cried "Secure!"

As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question. In this article, we’ll cover some common use cases and misconceptions of how people misuse from The Hacker News https://thehackernews.com/2024/11/cyber-story-time-boy-who-cried-secure.html

HACKMAGEDDON - 16-31 August 2024 Cyber Attacks Timeline

In the second timeline of August 2024 I collected 108 events (6.75 events/day) with a threat landscape that... from HACKMAGEDDON https://www.hackmageddon.com/2024/11/21/16-31-august-2024-cyber-attacks-timeline/

The Hacker News - 5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been from The Hacker News https://thehackernews.com/2024/11/5-scattered-spider-gang-members.html

The Hacker News - Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets," from The Hacker News https://thehackernews.com/2024/11/googles-ai-powered-oss-fuzz-tool-finds.html

The Hacker News - NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher from The Hacker News https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html

Rapid 7 - Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)

In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner for this feature, Rapid7’s Exposure Command now extends its capabilities even further, helping organizations set precise, scalable guardrails within their AWS environments. The need for strong guardrails in the cloud. Cloud platforms like AWS have transformed business agility by enabling rapid development, fast deployments, and real-time scalability. Yet, as organizations increase their reliance on cloud infrastructure, they face a heightened risk landscape. Rapid development cycles and AI-driven cloud services often result in more identities, permissions, and resources—all of which can lead to excessive access and increased risk. The need for stringent guardrails has never been more ...

The Hacker News - Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay by relaying NFC traffic. "Criminals can now misuse Google Pay and Apple from The Hacker News https://thehackernews.com/2024/11/ghost-tap-hackers-exploiting-nfcgate-to.html

The Hacker News - Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that from The Hacker News https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html

The Hacker News - China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new China-linked cyber espionage group has been linked to a series of targeted cyber attacks against telecommunications entities in South Asia and Africa since at least 2020, with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications from The Hacker News https://thehackernews.com/2024/11/china-backed-hackers-leverage-sigtran.html

The Hacker News - Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network from The Hacker News https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html

Rapid 7 - Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards

On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being. At Rapid7, we believe that the best ideas and solutions come from diverse, multi-faceted teams. By supporting our people with programs that enhance their well-being and quality of life, we create an environment where they can continue to have rewarding career experiences and make an incredible impact on our business. Our programs go beyond just taking care of people when they are sick. Instead, we look to increase their overall quality of life with unique initiatives and offerings that support both physical and mental health and wellness. Our award submission was broken down into three key areas where we offer unique benefits that make us leaders in our field. These areas included benefit offerings, physical health and well-being, and mental health and well-being. Be...

Rapid 7 - Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub

As organizations continue to scale their digital infrastructure, the volume of vulnerabilities and exposures grows at an overwhelming pace. Security teams often find themselves inundated with alerts and risk signals, unable to remediate every issue within their environment. They often struggle to keep pace with the dynamic nature of threats, and existing tools were not built to address the complexity of modern IT environments. With limited time and resources, trying to address every potential vulnerability is not feasible. This reality has driven the need for prioritization—teams must focus on the vulnerabilities that present the highest risks to their organization, based on factors like attacker behaviors, real-world threat intelligence, and exploitability. Meet Remediation Hub, your new home for exposure prioritization and remediation. Rapid7’s Remediation Hub, our newest addition to the Exposure Command platform, is designed to address this exact challenge. Remediation Hub auto...

Schneier - Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive. As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a report from Riccardo Coluccini, a respected Italian journalist who specializes in covering spyware and hacking. Italian spyware is cheaper and easier to use, which makes it more widely used. And Italian companies have been in this market for a long time. from Schneier on Security https://www.schneier.com/blog/archives/2024/11/why-italy-sells-so-much-sp...

The Hacker News - New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group from The Hacker News https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.html

The Hacker News - Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any, from The Hacker News https://thehackernews.com/2024/11/chinese-hackers-exploit-t-mobile-and.html

The Hacker News - CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was from The Hacker News https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html

The Hacker News - Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The from The Hacker News https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html

The Hacker News - PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface IP from The Hacker News https://thehackernews.com/2024/11/pan-os-firewall-vulnerability-under.html

The Hacker News - Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA, from The Hacker News https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html

Schneier - Good Essay on the History of Bad Password Policies

Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistakes that would impede future progress in improving passwords for decades. First was Morris and Thompson’s confidence that their solution, a password policy, would fix the underlying problem of weak passwords. They incorrectly assumed that if they prevented the specific categories of weakness that they had noted, the result would be something strong. After implementing a requirement that passwords have multiple character sets or more total characters, they wrote: These improvements make it exceedingly difficult to find any individual password. The user is warned of the risks and if he cooperates, he is very safe indeed. As should be obvious now, a user who chooses “p@ssword” to comp...

The Hacker News - Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software," from The Hacker News https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html

The Hacker News - How AI Is Transforming IAM and Identity Security

In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human from The Hacker News https://thehackernews.com/2024/11/how-ai-is-transforming-iam-and-identity.html

The Hacker News - High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program from The Hacker News https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html

The Hacker News - Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange. from The Hacker News https://thehackernews.com/2024/11/bitfinex-hacker-sentenced-to-5-years.html

The Hacker News - CISA Flags Critical Palo Alto Network Flaws Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, from The Hacker News https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html

The Hacker News - Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said. "The landing from The Hacker News https://thehackernews.com/2024/11/google-warns-of-rising-cloaking-scams.html

The Hacker News - 5 BCDR Oversights That Leave You Exposed to Ransomware

Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent from The Hacker News https://thehackernews.com/2024/11/5-bcdr-oversights-that-leave-you-exposed-to-ransomware.html

Schneier - New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones. The post New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones appeared first on Schneier on Security . from Schneier on Security https://www.schneier.com/blog/archives/2024/11/new-ios-security-feature-makes-it-harder-for-police-to-unlock-seized-phones.html

The Hacker News - TikTok Pixel Privacy Nightmare: A New Case Study

Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured from The Hacker News https://thehackernews.com/2024/11/tiktok-pixel-privacy-nightmare-new-case.html

The Hacker News - New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including from The Hacker News https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html

The Hacker News - Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this from The Hacker News https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html

KnowBe4 - Fortifying Defenses Against AI-Powered OSINT Cyber Attacks

In the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has created new opportunities for risk. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fortifying-defenses-against-ai-powered-osint-cyber-attacks

KnowBe4 - Criminal Threat Actor Uses Stolen Invoices to Distribute Malware

Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/criminal-threat-actor-uses-stolen-invoices-to-distribute-malware

Schneier - Mapping License Plate Scanners in the US

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security . from Schneier on Security https://www.schneier.com/blog/archives/2024/11/mapping-license-plate-scanners-in-the-us.html

The Hacker News - Comprehensive Guide to Building a Strong Browser Security Program

The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that from The Hacker News https://thehackernews.com/2024/11/comprehensive-guide-to-building-strong.html

HACKMAGEDDON - 1-15 August 2024 Cyber Attacks Timeline

In the first timeline of August 2024 I collected 123 events (8.13 events/day) with a threat landscape that was one of those exceptions... from HACKMAGEDDON https://www.hackmageddon.com/2024/11/13/1-15-august-2024-cyber-attacks-timeline/

The Hacker News - OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and from The Hacker News https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html

The Hacker News - Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said from The Hacker News https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html

The Hacker News - Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in from The Hacker News https://thehackernews.com/2024/11/microsoft-fixes-90-new-vulnerabilities.html

The Hacker News - New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE). The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the from The Hacker News https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html

The Hacker News - New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub from The Hacker News https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html

KnowBe4 - [FREE RESOURCE KIT] Stay Cyber Safe this Holiday Season with Our Free 2024 Resource Kit!

Isn’t it typical for bad actors to strike when we’re distracted and busy during this time of year? from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/free-resource-kit-stay-cyber-safe-this-holiday-season-with-our-free-2024-resource-kit

Schneier - Criminals Exploiting FBI Emergency Data Requests

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would “suffer greatly or die” unless the company in question returns the requested information. The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users. from Schneier on Security https://www.schneier.com/blog/archives/2024/11/crimin...

The Hacker News - 5 Ways Behavioral Analytics is Revolutionizing Incident Response

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more from The Hacker News https://thehackernews.com/2024/11/5-ways-behavioral-analytics-is.html

The Hacker News - New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend from The Hacker News https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html

The Hacker News - Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchasers with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have from The Hacker News https://thehackernews.com/2024/11/cybercriminals-use-excel-exploit-to.html

Krebs - FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI said it has seen an uptick in postings on criminal forums regarding the process of emergency data requests (EDRs) and the sale of email credentials stolen from police departments and government agencies. “Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. In the United States, when federal, state or local law enforcement agencies wish to obtain information about an account at a techn...

KnowBe4 - [Eye Opener] Attackers Don’t Hack, They Log In. Can You Stop Them?

The latest trend in cybercrime is that attackers don't really focus on “hacking” in; they’re logging in. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eye-opener-attackers-dont-hack-they-log-in.-can-you-stop-them

The Hacker News - Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface," the company said. "At this time, we do not know the specifics of the from The Hacker News https://thehackernews.com/2024/11/palo-alto-advises-securing-pan-os.html

The Hacker News - Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March. The U.S. Department of Justice (DoJ) from The Hacker News https://thehackernews.com/2024/11/bitcoin-fog-founder-sentenced-to-12.html

The Hacker News - IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point from The Hacker News https://thehackernews.com/2024/11/icepeony-and-transparent-tribe-target.html