Posts

Showing posts from December, 2024

The Hacker News - How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy
from The Hacker News https://thehackernews.com/2024/12/how-to-plan-new-and-improved-password.html

The Hacker News - Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm
from The Hacker News https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html

The Hacker News - Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. "Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novel
from The Hacker News https://thehackernews.com/2024/12/joint-advisory-warns-of-prc-backed.html

The Hacker News - Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The
from The Hacker News https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html

Rapid 7 - Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution (RCE) exploit chain as an entry for the competition. On November 25, 2024, Lorex released a firmware update to resolve the five vulnerabilities that comprise the exploit chain reported by Rapid7. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.

Technical analysis

A detailed technical analysis for the exploit chain described in this blog can be found in Rapid7’s whitepaper here. The accompanying source code for the exploit chain can be found here. The exploit chain consists of five distinct vulnerabilities, which operate together in two phases to achieve unauthenticated RCE. The five vulnerabilities are listed below.

CVE | Description | Affected Component | CVSS
CVE-2024-5...

Rapid 7 - Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR

Co-authored by Mikayla Wyman and Ryan Blanchard

As organizations increasingly rely on AWS for scalability and innovation, the complexity of securing these environments grows. AWS offers a robust set of native services and a comprehensive ecosystem, but managing security signals and responding to threats across dynamic workloads can overwhelm even the most well-equipped teams. Rapid7’s Managed Extended Detection and Response (MXDR) service has focused on helping customers bridge this gap, unifying security telemetry from major cloud service providers including AWS and Azure, with expert-driven detection and response. With MXDR, organizations can confidently scale their cloud investments without sacrificing the comprehensive coverage they’re familiar with today.

Tailored to AWS Workloads and Modern Cloud Security Challenges

MXDR delivers the context and coverage needed to handle complex threats in AWS environments, providing a purpose-built service to address the specific challenges ...

The Hacker News - Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack
from The Hacker News https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html

The Hacker News - NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access
from The Hacker News https://thehackernews.com/2024/12/nachovpn-tool-exploits-flaws-in-popular.html

The Hacker News - North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,
from The Hacker News https://thehackernews.com/2024/12/north-korean-kimsuky-hackers-use.html

The Hacker News - Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer
from The Hacker News https://thehackernews.com/2024/12/horns-campaign-delivers-rats-via-fake.html

The Hacker News - SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News. "While
from The Hacker News https://thehackernews.com/2024/12/smokeloader-malware-resurfaces.html

Schneier - Details about the iOS Inactivity Reboot Feature

I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even if it remains connected to Wi-Fi.
from Schneier on Security https://www.schneier.com/blog/archives/2024/12/details-about-the-ios-inactivity-reboot-feature.html

The Hacker News - INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million

A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and
from The Hacker News https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html