Author: Admin
October 23, 2024Ravi LakshmananVulnerability / Threat Intelligence A fatal error has been detected in Microsoft SharePoint added to known exploits (KEV) catalog of the US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active use. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability that affects SharePoint and could lead to remote code execution. “An authenticated attacker with permission from the site owner could use the vulnerability to inject arbitrary code and execute that code in the context of SharePoint Server,” Microsoft said. said in the notice of deficiency. There were…
October 23, 2024Hacker newsIdentity Security / Data Protection Identity security is front and center in all of the recent breaches, including Microsoft, Okta, Cloudflare, and Snowflake, to name a few. Organizations are beginning to realize that changes are needed in how we approach identity security from both a strategic and technological perspective. Identity security is about more than just providing access The traditional view that identity security is primarily concerned with granting and denying access for applications and services, often piecemeal, is no longer sufficient. This view was reflected as a broad theme in Permiso Security Identity Status Report (2024)which…
Criminals have been seen abusing the Amazon S3 (Simple Storage Service) transfer acceleration feature in ransomware attacks designed to steal victims’ data and upload it to S3 buckets under their control. “Attempts were made to disguise the Golang ransomware as the infamous LockBit ransomware,” Trend Micro researchers Yaromir Khareisi and Nitesh Surana said. “However, this is not the case, and it appears that the attacker is only using LockBit’s popularity to further tighten the noose on their victims.” Ransomware artifacts have been found to embed hard-coded Amazon Web Services (AWS) credentials to facilitate cloud data extraction, suggesting that adversaries are…
It may come as a surprise to learn that 34% of security practitioners do not know how many SaaS applications are deployed in their organizations. And it’s no wonder—the recent AppOmni The State of SaaS Security Report 2024 shows that only 15% of organizations centralize SaaS security within their cybersecurity teams. These statistics not only highlight a critical security blind spot, they also point to the fact that organizational culture is often overlooked as a driver of these risks. As SaaS environments become more decentralized, a lack of clarity around roles and responsibilities makes companies invisible. Most security teams focus…
October 23, 2024Ravi LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have shed light on a new adversarial technique that can be used to crack large language models (LLMs) during interactive conversation by injecting unwanted instructions between benign ones. Codenamed Deceptive Delight, Palo Alto Networks Unit 42 described it as simple and effective, achieving an average attack success rate (ASR) of 64.6% over three rounds of engagement. “Deceptive Delight is a multi-turn technique that engages large language models (LLMs) in an interactive conversation, gradually bypassing their protective fences and forcing them to create dangerous or harmful content,” said Unit 42’s Jay Chen…
Russian-speaking users have been targeted by a new phishing campaign that uses an open-source phishing toolkit called Gophish. DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan called PowerRAT. “The campaign includes modular infection chains, which are Maldoc or HTML-based infections and require victim intervention to start the infection chain,” Chetan Raguprasad, Cisco Talos researcher. said in Tuesday’s analysis. Targeting Russian-speaking users is an estimate derived from the language used in phishing emails, attractive content in malicious documents, links masquerading as Yandex Disk (“disk-yandex(.)ru”), and disguised HTML web pages. like VK, the social network that is predominantly used…
October 22, 2024Ravi LakshmananDocker Security / Cloud Security Bad actors have been observed targeting Docker remote API servers according to Trend Micro’s new findings, to deploy the SRBMiner cryptominer on hacked instances. “In this attack, the actor used a threat gRPC the protocol is over h2c evade security solutions and run their cryptomining operations on a Docker host,” researchers Abdelrahman Esmail and Sunil Bharti said in a technical report published today. “The attacker first checked the availability and version of the Docker API, then proceeds with gRPC/h2c update requests and gRPC methods to manipulate Docker functions.” It all starts with…
October 22, 2024Ravi LakshmananSoftware Vulnerability / Security Details of a fixed security flaw in Styra’s Open Policy Agent have surfaced (OPA), which, if successfully exploited, could lead to a leak of New Technology LAN Manager (NTLM) hashes. “The vulnerability could allow an attacker to pass the NTLM credentials of a local OPA server user account to a remote server, potentially allowing an attacker to relay authentication or crack a password,” cybersecurity firm Tenable wrote. said in a report shared with The Hacker News. The security flaw described as Server Message Block (SMB) Forced Authentication Vulnerability and tracked as CVE-2024-8260 (CVSS…
October 22, 2024Ravi LakshmananVulnerability / supply chain Cybersecurity researchers have discovered a number of suspicious packages published in the npm registry that are designed to harvest Ethereum private keys and gain remote machine access via the Secure Shell (SSH) protocol. The packages attempt to “gain SSH access to the victim’s machine by writing the attacker’s SSH public key to the root user’s authorized_keys file,” software security company Phylum said. said in an analysis published last week. List of packages whose purpose is to pretend to be legitimate a packet of ethersdefined as part of the company, listed as follows -…
October 22, 2024Ravi LakshmananIdentity Management / Security Automation Service accounts are vital to any enterprise that runs automated processes, such as program or script management. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will help you find and protect these accounts Active catalog (AD) and learn how Silverfort solutions can help improve your organization’s security. Understanding Security Accounts Service accounts are specialized Active Directory accounts that provide the necessary security context for services running on servers. Unlike user accountsthey are not tied to individuals, but allow services and applications to…