Author: Admin

August 29, 2024Ravi LakshmananIoT Security / Vulnerability A multi-year high-severity flaw affecting AVTECH IP cameras has been weaponized by attackers as a zero-day tool to tie them into botnets. CVE-2024-7029 (CVSS Score: 8.7), the vulnerability in question is “a remote code execution (RCE) command injection vulnerability discovered in the brightness feature of AVTECH CCTV cameras.” , Akamai researchers Kyle Lefton, Larry Cashdollar and Aline Eliovich said. Details of the security flaw were first published earlier this month by the US Cybersecurity and Infrastructure Security Agency (CISA), highlighting its low attack complexity and remote exploitability. “Successful exploitation of this vulnerability could…

Read More

US cybersecurity and intelligence agencies have accused an Iranian hacking group of breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor called Pioneer Kitten, also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which is described as being linked to the Iranian government and as using an Iranian information technology (IT) company, Danesh Novin Sahand, probably as a cover. “Their malicious cyber operations are aimed at deploying ransomware attacks to gain and develop network access,” said the Cybersecurity and Infrastructure Security Agency (CISA),…

Read More

August 29, 2024Ravi LakshmananInternet Crime / Privacy French prosecutors on Wednesday formally charged CEO Paul Dourav with facilitating a series of criminal activities on the popular messaging platform and opened a formal investigation. after his arrest saturday Russian-born Durov, who is also a French citizen, was charged with complicity in the distribution of child sexual abuse material (CSAM), as well as facilitating organized crime, illegal operations, drug trafficking and fraud. There was also a fool is charged with “refusal to hand over, at the request of the competent authorities, information or documents necessary to conduct and carry out interceptions authorized…

Read More

August 28, 2024Ravi LakshmananVulnerability / Data Security Fortra has resolved a critical security flaw affecting the FileCatalyst workflow that could be exploited by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, has a CVSS score of 9.8 and results from the use of a static password to connect to an HSQL database. “The default credentials to install the HSQL database (HSQLDB) for FileCatalyst Workflow are published to the vendor knowledge base article”Fortra said in the consulting room. “Misuse of these credentials may compromise the confidentiality, integrity, or availability of the software.” “HSQLDB is included for ease…

Read More

August 28, 2024Ravi LakshmananCyber ​​Attack / Vulnerability Cyber ​​espionage linked to South Korea has been linked to exploiting a zero-day critical remote code execution flaw in Kingsoft WPS Office to deploy a special backdoor called SpyGlace. The activity was attributed to the threat actor duplicated APT-C-60according to cybersecurity firms ESET and DBAPPSecurity. There were attacks found to infect Chinese and East Asian users with malware. The security flaw in question CVE-2024-7262 (CVSS Score: 9.3) which results from a lack of proper validation of user-supplied file paths. This vulnerability essentially allows an adversary to load an arbitrary Windows library and achieve…

Read More

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw affecting VMware ESXi hypervisors, while also using various vulnerable drivers to disarm protections. “The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and deploying a self-propagating, wormable ransomware encryptor,” Cisco Talos said in a technical report shared with The Hacker News. The exploitation of CVE-2024-37085, an authentication bypass vulnerability in VMware ESXi, which…

Read More

August 28, 2024Ravi LakshmananPhishing attack / Data breach Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that uses Microsoft’s Sway infrastructure to host fake pages, once again highlighting the misuse of legitimate cloud offerings for malicious purposes. “By using legitimate cloud applications, attackers build trust with victims, helping them trust the content they serve,” Netskope Threat Labs researcher Ian Michael Alcantara said. “Also, the victim is using their Microsoft 365 account that they are already signed in to when they open the Sway page, which can also help convince them of its legitimacy. Sway…

Read More

August 28, 2024Ravi LakshmananSoftware Security / Vulnerability The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added critical security flaw affecting Apache OFBiz open source enterprise resource planning (ERP) system for its known vulnerabilities (KEV) catalog with reference to evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, has a CVSS score of 9.8, indicating critical severity. “Apache OFBiz contains an incorrect authorization vulnerability that could allow an unauthenticated attacker to execute remote code via a Groovy payload in the context of an OFBiz user process,” CISA said. Details of the vulnerability first came to light…

Read More

August 28, 2024Ravi LakshmananWordPress Security / Site Protection A critical security flaw was discovered in the WPML multilingual WordPress plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. Vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), affects all versions of the plugin before 4.6.13, which was released on August 20, 2024. The issue, which occurs due to the lack of input validation and sanitization, allows authenticated attackers with Contributor access and above to execute code on the server. WPML is a popular plugin used to create multilingual WordPress sites. It has over a million active installs.…

Read More

August 27, 2024Ravi LakshmananCyber ​​espionage / malware Users of Chinese instant messaging apps such as DingTalk and WeChat are being targeted by a backdoor in a version of Apple’s macOS called HZ RAT. The artifacts “almost exactly repeat the functionality of the Windows version of the backdoor and differ only in the payload, which is obtained in the form of shell scripts from the attackers’ server,” said Kaspersky researcher Sergey Puzan. said. ХЗ RAT was documented for the first time by the German cyber security company DCSO in November 2022, the malware was distributed via self-extracting zip archives or malicious…

Read More