Author: Admin
October 31, 2024 | Ravi Lakshmanan | Website Vulnerability / Security
A serious security flaw has been discovered in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated threat actors to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), was fixed in version 6.5.2 of the plugin. “The plugin suffers from unauthenticated privilege escalation, which allows any unauthenticated visitor to gain administrator-level access, allowing malicious plugins to be downloaded and installed,” Patchstack security researcher Rafi Muhammad said in the analysis. LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name suggests, comes…
Simson Garfinkel on creepy cryptographic action at a distance. Excellent to read. One example: Consider the case of basic public-key cryptography, in which a person’s public and private keys are created together in a single operation. These two keys are not related to quantum physics, but to mathematics. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine. Typically, I generate a public and private key pair on my laptop and upload the public key to Amazon, which stores my public…
Cybersecurity researchers have discovered an ongoing malware campaign that abuses the Meta advertising platform and hijacks Facebook accounts to spread an information stealer known as SYS01stealer. “The hackers behind the campaign are using trusted brands to expand their reach,” Bitdefender Labs said in a report shared with The Hacker News. “The malware campaign leverages nearly a hundred malicious domains that are used not only for malware distribution but also for real-time command and control (C2) operations, allowing threat actors to direct the attack in real-time.” SYS01stealer was first documented by Morphisec in early 2023, describing campaigns targeting business Facebook accounts using Google…
October 30, 2024 | Ravi Lakshmanan | Ransomware / Threat Intelligence
North Korean threat actors have been implicated in a recent incident that deployed a prominent ransomware family called Play, highlighting their financial motives. Activity observed between May and September 2024 was attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy, Silent Chollima, and Stonefly. “We believe with moderate confidence that Jumpy Pisces or a faction of the group is now working with the Play ransomware group,” Palo Alto Networks Unit 42 said in a new report released…
October 30, 2024 | Ravi Lakshmanan | Browser Security / Vulnerability
A now-fixed security flaw in the Opera web browser could have allowed a malicious extension to gain unauthorized full access to private APIs. The attack, codenamed CrossBarking, could enable actions such as capturing screenshots, changing browser settings and account theft, Guardio Labs said. To demonstrate the problem, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store, which could then exploit the flaw when installed in Opera, making it an example of a cross-browser attack on the store. “This case study not only highlights the perennial…
October 30, 2024 | The Hacker News | Vulnerability / Compliance
Navigating complex compliance frameworks like ISO 27001, SOC 2 or GDPR can be difficult. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks require, making your compliance much smoother. Read on to understand how to meet each framework’s requirements to keep customer data secure. How Intruder supports your compliance goals: Intruder’s continuous vulnerability scanning and automated reporting help you meet the security requirements of various frameworks, including SOC 2, ISO 27001, HIPAA, Cyber Essentials and GDPR. Here are three main ways Intruder supports you: 1. Easy…
October 30, 2024 | Ravi Lakshmanan | Cybercrime / Cryptocurrency
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool, but contains functionality designed to steal sensitive data and siphon assets from victims’ crypto wallets. A package called “CryptoAITools” is said to have been distributed through both the Python Package Index (PyPI) and fake GitHub repositories. It was downloaded over 1300 times before being taken down by PyPI. “The malware activated automatically upon installation and targeted both Windows and macOS operating systems,” according to a new Checkmarx report published on The Hacker News. “A deceptive graphical user interface…
October 29, 2024 | Ravi Lakshmanan | Cybercrime / Malware
The Dutch National Police, together with international partners, announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus with the participation of the authorities of the USA, Great Britain, Belgium, Portugal and Australia. Eurojust, in a statement published today, said the operation resulted in the shutdown of three servers in the Netherlands and the seizure of two domains. In total, more than 1,200…
October 29, 2024 | Ravi Lakshmanan | AI Security / Vulnerability
Just over three dozen security vulnerabilities have been discovered in various open source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. Weaknesses identified in tools such as ChuanhuChatGPT, Lunary and LocalAI have been reported as part of Protect AI’s Huntr bug bounty platform. The most serious are two flaws affecting Lunary, a toolkit for producing large language models (LLMs): CVE-2024-7474 (CVSS score: 9.1), an insecure direct object reference (IDOR) vulnerability that could allow an authenticated…