Author: Admin

November 20, 2024Ravi LakshmananZero Day / Vulnerability Apple has released security updates for iOS, iPadOS, macOS, visionOS and its Safari web browser to address two zero-day vulnerabilities that have been widely exploited in the wild. Disadvantages are listed below – CVE-2024-44308 – A vulnerability in JavaScriptCore that could allow arbitrary code execution when processing malicious web content CVE-2024-44309 – A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when handling malicious web content The iPhone maker said it addressed CVE-2024-44308 and CVE-2024-44309 with improved checks and improved state management, respectively. Not much is known…


November 19, 2024Ravi LakshmananCloud Security / Piracy Attackers use misconfigured JupyterLab and Jupyter Notebooks to copy streams and enable sports piracy using live stream capture tools. The attacks involve hijacking unauthenticated Jupyter laptops to establish initial access and performing a series of actions aimed at facilitating the illegal streaming of live sports events, Aqua said. the report shared with The Hacker News. A stealth hacking campaign in interactive environments widely used for data science applications has been discovered by a cloud security company after its decoys were attacked. “The attacker first updated the server, then downloaded the tool FFmpeg” -…


The malware, known as Ngioweb, was used to power a notorious residential proxy service called NSOCKS, as well as other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies show. “At least 80% of the NSOCKS bots in our telemetry originate from the Ngioweb botnet, mostly using small office/home office (SOHO) routers and IoT devices,” according to a report by the Black Lotus Labs team at Lumen Technologies shared with The Hacker News. “Two-thirds of these proxies are in the US.” “On average, there are about 35,000 bots active daily on the network, of which 40% remain…


November 19, 2024Hacker newsInsider Threat / Credential Security Privileged accounts are well-known gateways to potential security threats. However, many organizations focus solely on managing privileged access rather than protecting the accounts and the users they are trusted with. This emphasis is perhaps related to ongoing challenges Privileged Access Management (PAM) deployment. However, as the threat landscape changes, so must organizational priorities. To prevent trust from becoming an issue, the next step in securing privileged access must be a critical focus. In this blog, we explore why managing privileged access alone is not enough and provide actionable information to help you…


Why Italy sells so much spyware

Interesting analysis: While much attention is paid to the sophisticated zero-click spyware developed by companies such as Israel’s NSO Group, the Italian spyware market has been able to operate relatively unnoticed, specializing in cheaper tools. According to a document from the Ministry of Justice of Italy, as of December 2022 the country’s law enforcement agencies could rent the spy software for 150 euros per day, regardless of which provider they used, and without the large acquisition costs that would normally be prohibitive. As a result, the Italian authorities have conducted thousands of espionage operations…


Cybersecurity researchers have shed light on the Linux variant of a relatively new strain of ransomware called Helldown, suggesting that threat actors are broadening the focus of their attack. “Helldown deploys Windows ransomware derived from LockBit 3.0 code,” Sekoia said in a report shared with The Hacker News. “Given the recent development of ransomware targeting ESX, it appears that the group may be evolving its current operations to target virtualized infrastructures via VMware.” Helldown was first publicly documented by Halcyon in mid-August 2024, describing it as an “aggressive ransomware group” that infiltrates target networks by exploiting…


US telecommunications giant T-Mobile confirmed that it was also among the companies targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a “month-long campaign” designed to collect the mobile communications of “high-profile intelligence targets.” It is unclear what, if any, information was obtained during the malicious activity. “T-Mobile is closely monitoring this industry-wide attack, and at this time T-Mobile’s systems and data have not been significantly impacted, and we have no evidence of impact to customer information,” a company spokesperson said, as quoted by The Wall Street Journal…


November 19, 2024Ravi LakshmananVulnerability / Data Security Patched security flaws affecting Progress Kemp LoadMaster and VMware vCenter Server have been found to be actively exploited in the wild. The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS Score: 10.0), the highest level security vulnerability in Progress Kemp LoadMaster to known vulnerabilities that exploit (KEV) directory. It was addressed by Progress Software back to February 2024. “Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated remote attacker to gain access to the system via the LoadMaster management interface, allowing arbitrary system commands to…


According to research by GitGuardian and CyberArk, 79% of IT leaders reported that they have experienced a secrets leak, compared to 75% in the previous year’s report. At the same time, the number of credential leaks has never been greater: there are 12.7 million hard-coded credentials in public GitHub repositories alone. One of the most disturbing aspects of this report is that over 90% of the real secrets found and reported remained valid for more than 5 days. According to studies, it takes an average of 27 days for organizations to fix a credential leak. Combine this with the fact that non-human identities…


November 18, 2024Ravi LakshmananThreat Intelligence / Ransomware Cyber ​​security researchers have shed light on a new stealthy malware loader called BabbleLoader that has been spotted in the wild delivering families of information stealers such as WhiteSnake and Medusa. BabbleLoader is “an extremely evasive bootloader packed with defense mechanisms that is designed to bypass antivirus and sandbox environments to deliver memory theft,” said Intezer security researcher Ryan Robinson said in a report published on Sunday. Evidence shows that the downloader is being used by several companies targeting both English- and Russian-speaking people, primarily targeting users looking for general hacked software, as…
