Author: Admin
Cybersecurity researchers have found that entry points can be abused across packaging ecosystems such as PyPI, npm, RubyGems, NuGet, Dart Pub, and Rust Crates to carry out software supply chain attacks. "Attackers can use these entry points to execute malicious code when certain commands are executed, creating widespread danger in the open source landscape," Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report shared with The Hacker News. The software supply chain security company noted that entry point attacks offer threat actors a stealthier and more persistent way of breaching systems, one that bypasses traditional…
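The teaser describes code that runs "when certain commands are executed". In Python packaging the mechanism is the console_scripts entry point: any package can register a command name, and after `pip install` that name resolves to the package's code. The following audit is an added example written for this page, not code from the Checkmarx report or from any project it names. It models one package hijacking the `aws` command and a plugin that loads automatically, and flags both; the watch list of commands, the expected owner distributions, the auto-load groups and the SAMPLE entry points are constructed for the demonstration, while installed_entry_points() reads the real environment through importlib.metadata.

```python
"""Audit installed Python distributions for entry points that hijack commands.

Added example, not code from the Checkmarx report. It models the variant the
report describes: a package registers a console_scripts entry point under the
name of a command people already run (here "aws"), so that whoever types that
command after `pip install` executes the package's code instead. The watch list,
the expected owners and the SAMPLE entry points below are constructed.
"""
from dataclasses import dataclass
import importlib.metadata as md

# Command names worth watching, mapped to the distribution(s) legitimately
# allowed to provide them. An empty set means no Python package should ever
# register that name (the real tool is a native binary). Constructed list.
WATCHED_COMMANDS = {
    "aws": {"awscli"},
    "az": {"azure-cli"},
    "pip": {"pip"},
    "gcloud": set(), "kubectl": set(), "docker": set(),
    "git": set(), "terraform": set(), "npm": set(), "ssh": set(),
}

# Entry point groups that a host tool loads automatically, so the package's
# code runs without anyone ever naming the package on the command line.
AUTOLOAD_GROUPS = {"pytest11", "flake8.extension", "distutils.commands"}


@dataclass(frozen=True)
class EntryPoint:
    name: str    # command name (console_scripts) or plugin name
    group: str   # e.g. "console_scripts", "pytest11"
    value: str   # "module:callable" the entry point resolves to
    dist: str    # distribution that registered it


@dataclass(frozen=True)
class Finding:
    severity: str
    reason: str
    entry_point: EntryPoint


def installed_entry_points():
    """Collect entry points from every distribution in the current environment."""
    found = []
    for dist in md.distributions():
        for ep in dist.entry_points:
            found.append(EntryPoint(ep.name, ep.group, ep.value, dist.metadata["Name"]))
    return found


def audit(entry_points):
    """Flag command jacking, duplicate command registrations and auto-loaded plugins."""
    findings = []
    first_owner = {}  # console_scripts name -> first distribution seen
    for ep in entry_points:
        if ep.group == "console_scripts":
            allowed = WATCHED_COMMANDS.get(ep.name)
            if allowed is not None and ep.dist not in allowed:
                findings.append(Finding(
                    "high", f"'{ep.name}' is a watched command but is provided by {ep.dist}", ep))
            owner = first_owner.setdefault(ep.name, ep.dist)
            if owner != ep.dist:
                findings.append(Finding(
                    "medium", f"'{ep.name}' is registered by both {owner} and {ep.dist}", ep))
        elif ep.group in AUTOLOAD_GROUPS:
            findings.append(Finding(
                "info", f"{ep.dist} registers '{ep.name}' in auto-loaded group {ep.group}", ep))
    return findings


# Constructed sample: stands in for installed_entry_points() on a poisoned machine.
SAMPLE = [
    EntryPoint("aws", "console_scripts", "totally_legit.cli:main", "totally-legit"),
    EntryPoint("mytool", "console_scripts", "mytool.cli:main", "mytool"),
    EntryPoint("mytool", "pytest11", "mytool.pytest_plugin", "mytool"),
    EntryPoint("aws", "console_scripts", "awscli.clidriver:main", "awscli"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(f"[{finding.severity}] {finding.reason}")
```

Whether the hijacked name actually wins depends on PATH order: in an activated virtualenv the environment's bin directory comes first, so a console_scripts `aws` shadows a system-wide AWS CLI. Run `audit(installed_entry_points())` in CI images and developer environments, and treat a "high" finding as a package to quarantine, not just a name collision.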
October 14, 2024 | The Hacker News | Cloud Security / Vulnerability The connection between detection and response (DR) techniques and cloud security has historically been tenuous. As global organizations increasingly move to the cloud, security strategies have largely focused on shift-left practices: protecting code, ensuring the cloud is properly deployed, and fixing misconfigurations. This approach has also led to an over-reliance on a multitude of DR tools spanning cloud infrastructure, workloads, and even applications. Despite these advanced tools, organizations often need weeks or even months to discover and resolve incidents. Add to that the challenges of tool proliferation, skyrocketing cloud security costs, and massive false…
October 14, 2024 | Ravi Lakshmanan | Network Security / Vulnerability A suspected nation-state adversary has been observed exploiting three zero-day security flaws in the Ivanti Cloud Service Appliance (CSA) to perform a series of malicious actions. This follows findings from Fortinet's FortiGuard Labs, which said the vulnerabilities were used to gain unauthenticated access to the CSA, enumerate the users configured on the device, and attempt to obtain those users' credentials. "Advanced adversaries have been observed exploiting and combining zero-day vulnerabilities to establish access to a foothold on a victim's network," security researchers Faisal Abdul Malik Qureshi, John Simmons, Jared Betts, Luca…
October 14, 2024 | Ravi Lakshmanan | Ransomware / Vulnerability Threat actors are actively trying to exploit a patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has tracked a series of attacks over the past month that used compromised VPN credentials and CVE-2024-40711 to create a local account and deploy ransomware. CVE-2024-40711 (CVSS score: 9.8) is a critical vulnerability that allows unauthenticated remote code execution. Veeam fixed it in Backup & Replication version 12.2 in early September 2024. Security researcher Florian Hauser from the…
OilRig is exploiting a flaw in the Windows kernel in an espionage campaign targeting the UAE and the Persian Gulf
October 13, 2024 | Ravi Lakshmanan The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw in the Windows kernel as part of a cyber espionage campaign targeting the U.A.E. and the wider Gulf region. "The group uses sophisticated tactics that include deploying a backdoor that uses Microsoft Exchange servers to steal credentials and exploiting vulnerabilities such as CVE-2024-30088 for elevation of privilege," Trend Micro researchers Mohamed Fahmi, Bahaa Yamani, Ahmed Kamal and Nick Dye said in an analysis published on Friday. The cybersecurity company is tracking the threat actor under the moniker Earth Simnavaz, which is…
The FBI created a fake cryptocurrency to expose widespread manipulation of the crypto market
October 12, 2024 | Ravi Lakshmanan | Cryptocurrency / Cybercrime The U.S. Department of Justice (DoJ) has announced the arrests and indictments of several individuals and entities in connection with the alleged manipulation of digital asset markets as part of a widespread fraud operation. The law enforcement action, codenamed Operation Token Mirrors, is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own cryptocurrency token and company called NexFundAI. According to information on the website, NexFundAI was touted as redefining "the intersection between finance and artificial intelligence" and that its…
A new tax-themed malware campaign targeting the insurance and financial sectors has been spotted using GitHub links in phishing emails as a way to bypass security measures and deliver the Remcos RAT, suggesting that this method is gaining popularity among threat actors. "This campaign used legitimate repositories such as open tax filing software, UsTaxes, HMRC and InlandRevenue, instead of unknown, low-star repositories," said Cofense researcher Jacob Malimban. "The use of trusted repositories to deliver malware is relatively new compared to threat actors creating their own GitHub malware repositories. These malicious GitHub links can be linked to any repository that…
Threat actors are constantly changing tactics to bypass cybersecurity measures, developing new methods to steal user credentials. Hybrid password attacks combine multiple cracking techniques to increase their effectiveness. These combined approaches take advantage of the strengths of each method, speeding up the process of cracking passwords. In this post, we'll explore hybrid attacks: what they are and the most common types. We'll also discuss how your organization can protect itself against them. A blended approach: threat actors are always looking for better, more successful ways to crack passwords, and hybrid attacks allow them to combine two different…
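To make the "combine two different techniques" point concrete, here is an added example (written for this page, not Specops' own code) of the most common hybrid form: a dictionary stage, a rule stage that mutates each word the way people do, and a mask stage that appends a pattern of digits and symbols, run against a sample hash. The wordlist, the rule set, the hashcat-style mask syntax (`?d`, `?l`, `?u`, `?s`) and the target hash are all constructed; the target is SHA-256 of a password built from a word, a capital letter, a year and a symbol, which is the kind of password a hybrid search reaches long before exhaustive brute force does.

```python
"""Hybrid password attack: dictionary words, rule mutations and an appended mask.

Added example for this post, not Specops' code. The wordlist, rule set, mask
syntax and the target hash are constructed for the demonstration; the target is
SHA-256 of a password built the way people actually build them (a word, a
capital letter, a year, a symbol), which is exactly what the hybrid search is
designed to reach quickly.
"""
import hashlib
import itertools
import string

WORDLIST = ["summer", "password", "welcome", "company"]  # constructed, tiny


def rules(word):
    """Rule stage: yield common human mutations of one dictionary word."""
    yield word
    yield word.capitalize()
    yield word.upper()
    leet = word.translate(str.maketrans("aeios", "@3105"))
    if leet != word:
        yield leet


def mask_suffixes(mask):
    """Mask stage: expand a hashcat-style mask (?d digit, ?l lower, ?u upper, ?s symbol)."""
    charsets = {"d": string.digits, "l": string.ascii_lowercase,
                "u": string.ascii_uppercase, "s": "!@#$%^&*"}
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            positions.append(charsets[mask[i + 1]])
            i += 2
        else:                       # literal character in the mask
            positions.append(mask[i])
            i += 1
    for combo in itertools.product(*positions):
        yield "".join(combo)


def hybrid_candidates(words, mask):
    """The hybrid combination: dictionary -> rules -> append mask."""
    for word in words:
        for base in rules(word):
            for suffix in mask_suffixes(mask):
                yield base + suffix


def crack(target_sha256_hex, words, mask):
    """Return (password, candidates_tried); password is None if the space is exhausted."""
    tried = 0
    for candidate in hybrid_candidates(words, mask):
        tried += 1
        if hashlib.sha256(candidate.encode()).hexdigest() == target_sha256_hex:
            return candidate, tried
    return None, tried


def brute_force_space(length, alphabet_size=95):
    """Candidates an exhaustive search over printable ASCII needs for one length."""
    return alphabet_size ** length


# Constructed: stands in for a hash recovered from a breach dump.
TARGET = hashlib.sha256(b"Summer2024!").hexdigest()

if __name__ == "__main__":
    password, tried = crack(TARGET, WORDLIST, "?d?d?d?d?s")
    print(password, tried, brute_force_space(len(password)))
```

With the four-word list and the mask `?d?d?d?d?s`, the search recovers `Summer2024!` after 96,193 candidates; an exhaustive search of 11 printable ASCII characters is 95^11, roughly 5.7e21. The defence follows from the structure of the attack: block dictionary words and their leet variants as the base of a password, not just short lengths, because appended years and symbols add almost nothing against a hybrid search.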
October 11, 2024 | Ravi Lakshmanan | Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors have been observed using unencrypted persistence cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It says the cookies are being used to enumerate other non-internet-facing devices on the network. The agency, however, does not reveal who is behind this activity or what the ultimate goals of the campaign are. "An attacker could use information collected from unencrypted cookies to infer or identify additional network resources…
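The reason an unencrypted persistence cookie is reconnaissance material is that its value is a reversible encoding of the pool member the load balancer chose: the backend's IP address and port. The decoder below is an added example written for this page, not code from the CISA advisory or from F5. It handles the two plaintext encodings that are documented for the cookie: the default IPv4 form, `BIGipServer<pool>=<ip>.<port>.0000`, where the 32-bit address and 16-bit port are each written as a little-endian integer, and the route-domain form `rd<id>o<32-hex-ipv6>o<port>`. The Set-Cookie headers in SAMPLE_HEADERS are constructed.

```python
"""Decode F5 BIG-IP persistence cookies to show what an unencrypted one leaks.

Added example, not from the CISA advisory. It handles the two documented
plaintext encodings: the default IPv4 form, BIGipServer<pool>=<ip>.<port>.0000,
where <ip> is the 32-bit address and <port> the 16-bit port, each written as a
little-endian integer; and the route-domain form rd<id>o<32-hex-ipv6>o<port>.
The Set-Cookie headers in SAMPLE_HEADERS are constructed.
"""
import ipaddress
import re

IPV4_FORM = re.compile(r"^(\d+)\.(\d+)\.0000$")
ROUTE_DOMAIN_FORM = re.compile(r"^rd(\d+)o([0-9a-fA-F]{32})o(\d+)$")


def decode_cookie_value(value):
    """Return (backend_ip, backend_port, route_domain), or None if not plaintext."""
    m = IPV4_FORM.match(value)
    if m:
        ip_int, port_int = int(m.group(1)), int(m.group(2))
        if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
            return None
        # Both fields are written least-significant byte first.
        ip = str(ipaddress.IPv4Address(ip_int.to_bytes(4, "little")))
        port = int.from_bytes(port_int.to_bytes(2, "little"), "big")
        return ip, port, 0
    m = ROUTE_DOMAIN_FORM.match(value)
    if m:
        addr = ipaddress.IPv6Address(int(m.group(2), 16))
        ip = str(addr.ipv4_mapped or addr)   # ::ffff:a.b.c.d means an IPv4 member
        return ip, int(m.group(3)), int(m.group(1))
    return None


def scan_set_cookie_headers(headers):
    """Report every BIGipServer cookie in a list of Set-Cookie header values."""
    report = []
    for header in headers:
        name_value = header.split(";", 1)[0].strip()
        name, sep, value = name_value.partition("=")
        if not sep or not name.startswith("BIGipServer"):
            continue
        decoded = decode_cookie_value(value)
        report.append({
            "pool": name[len("BIGipServer"):],   # pool identifier as it appears in the name
            "plaintext": decoded is not None,
            "backend": decoded,
        })
    return report


# Constructed Set-Cookie values: two plaintext cookies, one that is not.
SAMPLE_HEADERS = [
    "BIGipServer~Common~web_pool=1677787402.36895.0000; path=/; HttpOnly",
    "BIGipServer~Common~api_pool=rd5o00000000000000000000ffffc0000201o80; path=/",
    "BIGipServer~Common~enc_pool=!qmMwzXlOLr3uCW4fsk8xQYBm9Mc1e5r5ln9X6uBq; path=/",
    "sessionid=abc123; path=/",
]

if __name__ == "__main__":
    for entry in scan_set_cookie_headers(SAMPLE_HEADERS):
        print(entry)
```

The first sample cookie decodes to 10.1.1.100:8080 and the second to 192.0.2.1:80 in route domain 5: exactly the internal, non-internet-facing addresses the advisory says attackers are collecting. A cookie whose value does not match either form is reported as not plaintext, which is what you want to see from every pool once cookie encryption is enabled on the persistence profile. Feed the function the Set-Cookie headers from your own external-facing virtual servers to find the ones still leaking.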
October 11, 2024 | Ravi Lakshmanan | DevOps / Vulnerability GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security vulnerabilities, including a critical bug that could allow continuous integration and continuous delivery (CI/CD) pipelines to run on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability has a CVSS score of 9.6 out of 10. "An issue has been discovered in GitLab EE that affects all versions from 12.5 to 17.2.9, from 17.3 to 17.3.5, and from 17.4 to 17.4.2, which allows pipelines to run on arbitrary branches," GitLab said in an advisory. Of the remaining…