Author: Admin
October 22, 2024 | Ravi Lakshmanan | Vulnerability / Enterprise Security
VMware has released software updates to address an already-patched security flaw in vCenter Server that could open the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a heap overflow in a DCE/RPC protocol implementation. “An attacker with network access to vCenter Server could cause this vulnerability by sending a specially crafted network packet that could potentially lead to remote code execution,” the Broadcom-owned virtualization services provider said. The flaw was originally reported by zbl and srs of the TZL team at the Matrix Cup cybersecurity competition held…
CISA adds the ScienceLogic SL1 vulnerability to the exploit catalog after an active zero-day attack
October 22, 2024 | Ravi Lakshmanan | Vulnerability / Cyber threat
The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug in an unspecified third-party component that could lead to remote code execution. The issue has since been fixed in versions 12.1.3, 12.2.3, and 12.3 and later. Fixes were also available for versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. The development comes weeks after Rackspace’s cloud…
October 21, 2024 | Mohit Kumar | Cyber Security / Weekly Summary
Hello! Here’s your quick fix on what’s new in cyber security. Hackers are using new techniques to break into systems we thought were secure, like finding hidden doors in locked homes. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some large companies were affected by the attacks, while others patched their vulnerabilities in time. It’s a constant struggle. For you, staying protected means keeping your devices and apps up to date. In this newsletter, we’ll break down the top news. Whether you’re protecting…
A prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda or Winnti) has been linked to a sophisticated cyber attack targeting the gambling industry. “For at least six months, the attackers secretly collected valuable information from the target company, including but not limited to network configurations, user passwords and LSASS process secrets,” said Ida Naor, co-founder and CEO of Israeli cyber security company Security Joes, in a statement shared with The Hacker News. “During the intrusion, the attackers continuously updated their toolset based on the security team’s response. As defenders watched, they changed…
October 21, 2024 | Ravi Lakshmanan | Encryption / Data Protection
Cybersecurity researchers have discovered serious cryptographic issues in various end-to-end encryption (E2EE) cloud storage platforms that could be used to leak sensitive data. “Vulnerabilities vary in severity: in many cases, a malicious server can inject files, forge file data, and even gain direct access to plaintext,” ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong said. “Notably, many of our attacks affect multiple providers in the same way, revealing common patterns of failure in independent cryptographic projects.” The identified vulnerabilities are the result of an analysis of five major vendors such as Sync,…
October 20, 2024 | Ravi Lakshmanan | Vulnerability / Email Security
Unknown threat actors have been observed attempting to exploit a patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cyber security company Positive Technologies said it discovered last month that the email was sent to an unidentified government organization located in a Commonwealth of Independent States (CIS) country. However, it should be noted that the message was originally sent in June 2024. “The email appeared to be a plain text message containing only an attached document,” the report said in…
In today’s enterprise, data security is often discussed using a complex vocabulary of acronyms – DLP, DDR, DSPM and many others. While these acronyms stand for important frameworks, architectures, and tools for protecting sensitive information, they can also be confusing to those trying to put together an effective security strategy. This article aims to demystify some of the most important acronyms in data security today and offer practical guidance to help businesses navigate data security and confidently protect their most valuable assets. What ensures data security? In today’s ever-evolving digital landscape, data security has become a top priority for businesses…
October 19, 2024 | Ravi Lakshmanan | Network Security / Data Leakage
A nascent threat actor known as Crypt Ghouls has been linked to a series of cyberattacks targeting Russian businesses and government agencies using ransomware with the dual purpose of disrupting business operations and financial gain. “The group in question has a set of tools that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec and others,” Kaspersky said. “The group used the well-known LockBit 3.0 and Babuk ransomware as their final payload.” Victims of malicious attacks were state institutions, as well as mining, energy, financial and retail companies located…
October 18, 2024 | Ravi Lakshmanan | Insider Threat / Cyber Espionage
North Korean information technology (IT) workers working for Western companies under false identities are not only stealing intellectual property, but also demanding ransoms to keep it from leaking, marking a new twist in their financially motivated attacks. “In some cases, fraudulent workers demanded ransom from their former employers after gaining access to insider information, a tactic not seen in previous schemes,” Secureworks Counter Threat Unit (CTU) said in an analysis published this week. “In one case, a contractor stole proprietary data almost immediately after work began in mid-2024.” The activity, the cybersecurity firm added,…
October 18, 2024 | Ravi Lakshmanan | Cyber Intelligence / Critical Infrastructure
Cyber security and intelligence agencies in Australia, Canada and the US have warned of a year-long campaign by Iranian cyber actors to infiltrate critical infrastructure organizations through brute force attacks. “Since October 2023, Iranian actors have used brute force and password cracking to compromise user accounts and gain access to health and public health (HPH), government, information technology, engineering, and energy organizations,” the agencies said in a joint advisory. The attacks targeted healthcare, government, information technology, engineering and energy, according to the Australian Federal Police (AFP), the Australian Cyber Security Center (ACSC)…