Author: Admin
December 23, 2024Ravi LakshmananGDPR / data privacy The Italian Data Protection Authority has fined ChatGPT maker OpenAI has been fined €15 million ($15.66 million) over how the generative artificial intelligence program handles personal data. The penalty comes almost a year after the Guarantee found that ChatGPT processed user information to train its service in violation of the European Union’s General Data Protection Regulation (GDPR). Authorities said OpenAI did not notify it of a breach of security which took place in March 2023. and that it processed users’ personal information for ChatGPT training without having a sufficient legal basis to do…
A dual citizen of Russia and Israel has been indicted in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation from its inception in 2019 or around February 2024. Rostislav Panev51, was arrested in Israel earlier this August and is currently awaiting extradition, the US Department of Justice (DoJ) said in a statement. Based on transfers to a cryptocurrency wallet owned by Panev, he allegedly earned about $230,000 between June 2022 and February 2024. “For years, Rostislav Panev created and maintained a digital weapon that allowed his associates at LockBit to wreak havoc and…
The Lazarus Group, a notorious threat linked to the Democratic People’s Republic of Korea (DPRK), was seen using a “sophisticated infection chain” to target at least two employees of an unnamed nuclear-related organization over a one-month period in January 2024 The attacks culminated in the deployment of a new modular backdoor called CookiePlusare part of a long-running cyberespionage campaign known as Operation Dream Job, which is also being tracked as NukeSped by the cyber security company Kaspersky. He has been known to be active since at least 2020, when he was exposed by ClearSky. This activity often involves targeting developers…
December 20, 2024Ravi LakshmananFirewall Security / Vulnerability Sophos has it patches released to address three security vulnerabilities in Sophos Firewall products that could be used to allow remote code execution and allow privileged system access under certain conditions. Of the three, two are rated critical in terms of severity. There is currently no evidence that the flaws have been exploited in the wild. The list of vulnerabilities is as follows – CVE-2024-12727 (CVSS Score: 9.8) – A SQL pre-authentication vulnerability in the email protection feature that could lead to remote code execution when certain Secure PDF eXchange (SPX) configuration is…
December 20, 2024Ravi LakshmananMalware / Supply chain attack The Rspack developers revealed that two of their npm packages, @rspack/core and @rspack/cliwere compromised in a software supply chain attack that allowed an attacker to publish malicious versions to the official cryptocurrency mining malware package registry. After discoveryversions 1.1.7 of both libraries have been removed from the npm registry. The latest secure version is 1.1.8. “They were released by an attacker who gained unauthorized access to an npm post and contain malicious scripts,” according to software security firm Socket. said in the analysis. Rspack considered as an alternative webpackoffering “a high-performance JavaScript…
December 20, 2024Ravi LakshmananVulnerability / Cyber attack Fixed a critical security flaw affecting Fortinet FortiClient EMS being exploited by attackers as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question CVE-2023-48788 (CVSS Score: 9.3), a SQL implementation flaw that allows attackers to execute unauthorized code or commands by sending specially crafted data packets. Russian cybersecurity firm Kaspersky said the October 2024 attack targeted an unnamed company’s Windows server that was exposed to the Internet and had two open ports connected to FortiClient EMS. “The targeted company uses this technology to…
December 20, 2024Ravi LakshmananCISA / Vulnerability The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added critical security flaw affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products for known vulnerabilities (KEV) catalog with reference to evidence of active exploitation in the wild. Vulnerability, tracked as CVE-2024-12356 (CVSS Score: 9.8) is a command injection flaw that could be used by an attacker to execute arbitrary commands as a site user. “BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability that could allow an unauthenticated attacker to enter commands that execute on behalf…
December 19, 2024Ravi LakshmananMisinformation / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has opened that a threat actor it tracks as UAC-0125 is using the Cloudflare Workers service to force military personnel in the country to download malware under the guise of Army+a mobile application that was introduced by the Ministry of Defense back in August 2024 to make the armed forces paperless. Users visiting the fake Cloudflare Workers websites are prompted to download the Army+ for Windows executable file created using the Nullsoft Scriptable installer (NSIS), an open source tool used to create operating system installers. Opening…
December 19, 2024Ravi LakshmananSupply Chain / Software Security Threat actors have been observed downloading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node, which have garnered thousands of downloads in the package registry. Counterfeit versions, no @typescript_eslinter/eslint and species-nodedesigned to load a trojan and produce a stage two payload, respectively. “While typosquatting attacks are hardly new, it’s worth noting the effort nefarious contributors have put into these two libraries to pass them off as legitimate,” Sonatype’s Ax Sharma said in an analysis published Wednesday. “Furthermore, high download numbers for packages like ‘types-node’ are an indication that some developers…
December 19, 2024Ravi LakshmananMalware/botnet Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malware campaign deploying the Mirai botnet malware. The company said it is issuing the advisory after “several customers” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. “These systems were infected with the Mirai malware and subsequently used as a source of DDOS attacks on other devices accessible through their network,” it said. said. “All affected systems used default passwords.” Miraiwhose source code was published in 2016, has spawned several variants…