Author: Admin

September 12, 2024Ravi LakshmananDevSecOps / Vulnerability On Wednesday, GitLab released security updates to address 17 vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue tracked as CVE-2024-6678 has a CVSS score of 9.9 out of a maximum of 10.0 “An issue has been discovered in GitLab CE/EE that affects all versions from 8.14 to 17.1.7, from 17.2 to 17.2.5, and from 17.3 to 17.3.2, which allows an attacker to run the pipeline as an arbitrary user under certain circumstances “, the company said in the notice. The vulnerability, along with…

September 12, 2024Ravi LakshmananMobile Security / Financial Fraud Bank customers in the Central Asian region have been targeted by a new strain of code-named Android malware My class from at least November 2024 for the purpose of collecting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which discovered the threat in May 2024, said the malware was being distributed through a network of Telegram channels created by threat actors masquerading as legitimate applications related to banking, payment systems and government services. or daily utilities. “The attacker has a network of affiliates motivated by financial gain that distributes the…

September 12, 2024Ravi LakshmananRegulatory Compliance / Data Protection Ireland’s Data Protection Commission (DPC) has announced it has launched a “cross-border legislative investigation” into Google’s core artificial intelligence (AI) model to determine whether the tech giant followed the region’s data protection rules when handling the personal data of European users. “The statutory inquiry concerns whether Google has fulfilled any obligations it may have had to carry out an assessment under Article 35(2) of the General Data Protection Regulation (Data Protection Impact Assessment) before engaging in the processing of personal data of EU/EEA data subjects related to the development of their foundational…

September 12, 2024Ravi LakshmananMalware/IoT Security Nearly 1.3 million Android TV boxes running outdated versions of the operating system and owned by users in 197 countries have been infected by a new malware called Vo1d (aka Void). “This is a backdoor that places its components in the system storage and is capable of secretly downloading and installing third-party software at the command of attackers,” Russian anti-virus vendor Doctor Web said. said in a report released today. Most of the infections were found in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria and Indonesia. It is currently unknown what…

September 12, 2024Ravi LakshmananCryptocurrency / Network Security Selenium Grid instances exposed on the Internet are targeted by attackers for illegal cryptocurrency mining and proxyjacking companies. “Selenium Grid is a server that makes it easy to run tests in parallel across browsers and versions,” Cado Security researchers Tara Gould and Nate Beal said in an analysis published today. “However, Selenium Grid’s default configuration lacks authentication, making it vulnerable to exploits by threats.” The misuse of public Selenium Grid instances to deploy cryptominers was previously reported by cloud security company Wiz in late July 2024 as part of a cluster of activity…

Iraq’s government networks have been targeted by a “sophisticated” campaign of cyberattacks by an Iranian state-run threat actor known as OilRig. The attacks targeted Iraqi organizations such as the Prime Minister’s Office and the Ministry of Foreign Affairs, according to a new analysis by cybersecurity firm Check Point. OilRig, also known as APT34, Crambus, Cobalt Gypsy, GreenBug, Hazel Sandstorm (formerly EUROPIUM), and Helix Kitten, is an Iranian cyber group affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Active since at least 2014, the group has a track record of conducting phishing attacks in the Middle East to deliver…

September 12, 2024Hacker newsThreat Intelligence / Cybercrime Cato CTRL (Cyber ​​​​Threats Research Lab) released its Cato CTRL SASE Threat Report Q2 2024. The report highlights key findings based on an analysis of a staggering 1.38 trillion network flows across more than 2,500 Cato clients worldwide between April and June 2024. Highlights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights based on thorough analysis of network traffic data. Three top ideas for businesses are as follows.1) IntelBroker: A constant threat in the cyber underground During an in-depth investigation of the hacker community and…

September 12, 2024Ravi LakshmananWeb Security / Content Management WordPress.org has announced a new account security measure that requires accounts with the ability to update plugins and themes to enable mandatory two-factor authentication (2FA). The execution expected to enter into force on 1 October 2024. “Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide,” the developers of the self-hosted, open-source content management system (CMS). said. “The security of these accounts is important to prevent unauthorized access and to maintain the security and trust of the WordPress.org community.” In addition to…

September 11, 2024Ravi LakshmananNetwork Security / Hacking The operators of the mysterious Quad7 botnet thrive by hacking several brands of SOHO routers and VPN devices using a combination of known and unknown security flaws. According to a new report from French cybersecurity company Sekoia, devices from TP-LINK, Zyxel, Asus, Axentra, D-Link and NETGEAR are the targets. “Quad7 botnet operators appear to be evolving their toolkit by introducing new backdoors and exploring new protocols to improve stealth and evade the tracking capabilities of their Operational Relay Blocks (ORBs),” researchers Felix Hame, Pierre-Antoine D. . , and Charles M. said. Quad7, also…

A “Simplified Chinese-speaking actor” has been linked to a new campaign targeting several countries in Asia and Europe with the ultimate goal of performing search engine optimization (SEO) with a ranking. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with a victimological trail scattered across Thailand, India, Korea, Belgium, the Netherlands and China. “DragonRank uses the target’s web application services to deploy a web shell and uses it to collect system information and launch malware such as PlugX and BadIIS, which work with various credential harvesting utilities,” security researcher Joey Chen said. The attacks led to…
