Author: Admin

September 16, 2024Ravi LakshmananSpy Software / Threat Intelligence Apple has filed a petition to “voluntarily” drop its lawsuit against commercial spyware vendor NSO Group, citing a changing risk landscape that could lead to the exposure of critical “threat analysis” information. There was development reported for the first time writes The Washington Post on Friday. The iPhone maker said its efforts, combined with those of other industry representatives and national governments to combat the rise of commercial spyware, had “significantly weakened” the perpetrators. “At the same time, unfortunately, other attackers have emerged in the commercial spyware industry,” the company said. “It…

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse update entries in HTTP headers to deliver fake email login pages designed to harvest user credentials. “Unlike other methods of distributing phishing web pages through HTML content, these attacks use a response header sent by the server that occurs before the HTML content is processed,” Palo Alto Networks Division 42 researchers Yu Zhang, Zeyu Yu, and Wei Wang said. “Malicious links direct the browser to automatically refresh or immediately reload the web page without requiring user interaction.” Large corporations in South Korea, as well as government agencies and schools in…

September 14, 2024Ravi LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a recently patched security flaw in the Cloud Service Appliance (CSA) is being actively exploited in the wild. The high severity vulnerability addressed is CVE-2024-8190 (CVSS Score: 7.2), which allows remote code execution under certain circumstances. “OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier allows an authenticated attacker to obtain remote code execution” — Ivanti noted in an advisory issued earlier this week. “An attacker must have administrator-level privileges to exploit this vulnerability.” The vulnerability affects Ivanti CSA 4.6, which has…

About Bruce Schneier
I am a public interest technologist who works at the intersection of security, technology and people. I have written about security issues on my blog since 2004 and in my monthly newsletter since 1998. I am a staff member and faculty member at Harvard Kennedy School, a member of the board of EFF, and head of the security architecture department at Inrupt, Inc. This personal site does not represent the views of any of these organizations.

September 13, 2024Ravi LakshmananSoftware Security / Threat Intelligence Attackers are likely using publicly available proof-of-concept (PoC) exploits for recently discovered security flaws in Progress Software’s WhatsUp Gold to conduct opportunistic attacks. Activity is said to have started on August 30, 2024, just five hours after the PoC was released for CVE-2024-6670 (CVSS Score: 9.8) by security researcher Sina Heirkham of the challenge team, who is also credited with the discovery and reporting CVE-2024-6671 (CVSS scores: 9.8). Both critical vulnerabilities, which allow an unauthenticated attacker to obtain an encrypted user password, were patched up by Progress in mid-August 2024. “The chronology…

September 13, 2024Ravi LakshmananVirtual Reality / Vulnerability Details have emerged of a patched security flaw affecting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow attackers to infer data entered on the device’s virtual keyboard. Attack, dubbing GAZEploitwas assigned the CVE ID CVE-2024-40865. “A New Attack That Can Infer Eye Biometrics from an Avatar Image to Recover Text Typed Using Gaze-Controlled Typing,” by a team of researchers at the University of Florida said. “The GAZEploit attack exploits a vulnerability inherent in gaze-controlled text input when users share a virtual avatar.” After a responsible disclosure, Apple fixed the…

While cyber threats are becoming more sophisticated, the number one attack vector for unauthorized access remains fraudulent credentials (Verizon DBIR, 2024). Solving this problem addresses more than 80% of your enterprise risks, and a solution is possible. However, most tools available on the market today cannot offer complete protection against this attack vector because they are designed to provide probabilistic protection. Learn more about Beyond Identity’s features that enable us to build deterministic defenses. The problem: Phishing and credential theft. Phishing attacks trick users into revealing their credentials through fraudulent websites or messages sent via SMS, email, and/or voice calls.…

September 13, 2024Ravi LakshmananCyber ​​attack / Crime British authorities on Thursday announced the arrest of a 17-year-old man in connection with a cyberattack on Transport for London (TfL). “A 17-year-old male has been arrested on suspicion of breaching the Computer Misuse Act in connection with an attack on TfL on 1 September,” the UK’s National Crime Agency (NCA) said. said. The teenager, from Walsall, is said to have been arrested on September 5, 2024 following an investigation that was launched following the incident. Law enforcement agencies reported that the unnamed person was questioned and later released on bail. “Attacks on…

September 13, 2024Ravi LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have discovered a new variant of an Android banking trojan called TrickMo that comes with new capabilities to evade analysis and display fake login screens to obtain victims’ banking credentials. “Mechanisms include using malformed ZIP files in conjunction with JSONPacker,” Cleafy security researchers Michele Raviello and Alessandro Stryna said. “In addition, the application is installed through a dropper program that uses the same anti-analysis mechanisms.” “These features are designed to avoid detection and prevent cybersecurity professionals from analyzing and destroying malware.” TrickMo, first caught in the wild by CERT-Bund in…

September 13, 2024Ravi LakshmananEnterprise Security / Vulnerability Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to conduct illegal cryptocurrency mining. The activity that makes the Oracle Weblogic server stand out is to deliver duplicate malware Hadukenaccording to cloud security firm Aqua. “When Hadooken is launched, it removes the Tsunami malware and deploys a crypto miner,” security researcher Assaf Moran said. Attack chains exploit known security system vulnerabilities and misconfigurations, such as weak credentials, to gain initial foothold and execute arbitrary code on sensitive instances. This is achieved by running two almost identical payloads, one written in Python…
