Author: Admin

August 20, 2024Ravi LakshmananEnterprise Security / Data Breach Cybersecurity researchers are warning of the discovery of thousands of third-party Oracle NetSuite e-commerce sites that have been found to be vulnerable to leaking sensitive customer information. “A potential issue in the NetSuite SuiteCommerce platform could allow attackers to gain access to sensitive data due to misconfiguration of access controls for custom record types (CRTs),” Aaron Costello of AppOmni said. It should be emphasized here that the problem is not a lack of security in the NetSuite product, but a misconfiguration of the client that can lead to the leakage of sensitive…

Read More

August 20, 2024Ravi LakshmananMalware / cyber espionage Cyber ​​security researchers have shed light on a threat known as A blind eagle which has persistently targeted organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. The targets of these attacks span multiple sectors, including government agencies, financial companies, and energy and oil and gas companies. “Blind Eagle has demonstrated adaptability in shaping the targets of its cyberattacks and the versatility to switch between purely financially motivated attacks and espionage operations,” Kaspersky said. said in Monday’s report. Also referred to as APT-C-36, Blind Eagle appears believed Since at…

Read More

August 19, 2024Ravi LakshmananHarmful advertising / Cybercrime Cybersecurity researchers have discovered a spike in malware infections as a result of malicious ad campaigns that distribute a downloader called FakeBat. “These attacks are opportunistic and target users looking for popular business software,” Mandiant Managed Defense Team said in the technical report. “The infection uses an MSIX installer trojan that executes a PowerShell script to download an additional payload.” FakeBatwhich is also called EugenLoader and PaykLoader, is associated with a threat actor named Eugenfest. The Google-owned threat intelligence team is tracking a malware called NUMOZYLOD and has attributed a Malware-as-a-Service (MaaS) operation…

Read More

August 19, 2024Ravi LakshmananThreat Intelligence / Cryptocurrency A new type of malware called UULoader is used by threat actors to deliver next-stage payloads such as Gh0st RAT and Mimiket. Cyberint, the research group that discovered the malware, said it was distributed as malicious installers for legitimate apps targeting Korean and Chinese speakers. There is evidence that UULoader is the work of a Chinese native speaker due to the presence of Chinese lines in the program database (PDB) files embedded in the DLL file. “UULoader’s ‘core’ files are contained in a Microsoft Cabinet archive (.cab) file that contains two core executables…

Read More

According to recent research on employee offboarding, 70% of IT professionals say they have experienced the negative impact of incomplete IT offboarding, whether a security incident involving an account that was never deactivated, an unexpected bill for resources no longer in use, or a missed handover of a critical resource or account. This is despite an average of five hours being spent per departing employee on activities such as locating and disabling SaaS accounts. As the number of SaaS applications in most organizations continues to grow, it becomes increasingly difficult (and time-consuming) to ensure that all…

Read More

August 19, 2024Ravi LakshmananCloud Security / Threat Intelligence Attackers use a cloud-based attack tool called Xeon Sender to conduct large-scale SMS phishing and spam campaigns, abusing legitimate services. “Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers,” SentinelOne security researcher Alex Delamotte. said in a report shared with The Hacker News. Examples of services used to facilitate bulk SMS messaging include Amazon Simple Notification Service (SNS), Nexmo, Plivo, Proovl, Send99, Telesign, Telnyx, TextBelt, Twilio. It is important to note here that this activity does not exploit the weaknesses inherent in…

Read More

August 19, 2024Ravi LakshmananVulnerability / Zero-Day A recently patched security flaw in Microsoft Windows was exploited as a zero-day Lazar’s groupa prolific state-funded actor with ties to North Korea. A security vulnerability tracked as CVE-2024-38193 (CVSS score: 7.8) was described as an elevation of privilege error in the Windows Auxiliary Functions Driver (AFD.sys) for WinSock. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges” – Microsoft said in a deficiency advisory last week. It was addressed by the tech giant as part of its monthly Patch Tuesday update. Gen Digital researchers Luigino Camastro and Milanek are credited with…

Read More

August 19, 2024Ravi LakshmananCyber ​​Crime / Network Security Cybersecurity researchers have discovered new infrastructure associated with a financially motivated threat known as FIN7. Two clusters of potential FIN7 activity “show traffic coming into the FIN7 infrastructure from IP addresses assigned respectively to Post Ltd (Russia) and SmartApe (Estonia),” Team Cymru said in a report released this week as part of a joint investigation with Silent Push and Stark Industries Solutions. Conclusions are based on a a recent report from Silent Push, which found several Stark Industries IP addresses dedicated exclusively to hosting FIN7 infrastructure. Recent analysis indicates that the hosts…

Read More

On Friday, OpenAI said it had banned a set of accounts linked to what it called a covert Iranian influence operation that used ChatGPT to create content focused on, among other things, the upcoming US presidential election. “This week we identified and took down a cluster of ChatGPT accounts that were creating content for a covert Iranian influence operation codenamed Storm-2035,” OpenAI said. “The operation used ChatGPT to create content focused on a range of topics — including commentary on candidates from both sides of the US presidential election — which was then shared via social media accounts and…

Read More

August 16, 2024Ravi LakshmananCloud Security / Application Security A large-scale ransomware campaign compromised various organizations by exploiting publicly available environment variable (.env) files containing credentials related to cloud and social networking applications. “Several security errors were made during this campaign, including the following: exposing environment variables, using long-lived credentials, and not having a least-privilege architecture,” Palo Alto Networks Division 42. said in a report on Thursday. The company is notable for installing its attack infrastructure in infected organizations’ Amazon Web Services (AWS) environments and using them as a launch pad to scan more than 230 million unique targets for sensitive…

Read More