Author: Admin
January 16, 2025 | Ravie Lakshmanan | Endpoint Vulnerability / Security
Ivanti has rolled out security updates to address several vulnerabilities affecting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical flaws that could lead to information disclosure. All four critical vulnerabilities, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM and involve absolute path traversal flaws that allow a remote, unauthenticated attacker to exfiltrate sensitive information. The flaws are listed below: CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159. The vulnerabilities affect EPM versions of the November 2024 security update and earlier, as well as the SU6 November 2022…
January 16, 2025 | Ravie Lakshmanan | Endpoint Security / Ransomware
Cybersecurity researchers have detailed an attack in which a threat actor used a Python-based backdoor to maintain persistent access to compromised endpoints and then used that access to deploy RansomHub ransomware across the target network. According to GuidePoint Security, initial access was facilitated by a JavaScript-based downloader malware called SocGholish (aka FakeUpdates), which is known to be distributed through campaigns that trick unsuspecting users into downloading fake web browser updates. Such attacks commonly lure victims through legitimate but infected websites to which they are redirected from search results using search…
January 15, 2025 | Ravie Lakshmanan | Cryptocurrency / Malware
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign called Operation 99 that targets software developers looking for freelance Web3 and cryptocurrency work in order to deliver malware. “The campaign starts with fake recruiters posing on platforms like LinkedIn, luring developers with project tests and code reviews,” Ryan Sherstobitoff, SVP of Threat Research and Intelligence at SecurityScorecard, said in a new report released today. “Once the victim takes the bait, they are told to clone a malicious GitLab repository that appears harmless but is filled with disaster. The cloned…
January 15, 2025 | Ravie Lakshmanan | Malvertising / Malware
Cybersecurity researchers have warned of a new malicious advertising campaign that targets individuals and businesses advertising through Google Ads, in an attempt to phish their credentials with fraudulent Google ads. “The scheme is to steal as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” Jerome Segura, senior director of threat intelligence at Malwarebytes, said in a report shared with The Hacker News. The ultimate goal of the campaign is believed to be reusing the stolen credentials for further campaigns, as well as…
Why do ICS/OT environments need special controls and their own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective, it’s high risk. In the rapidly evolving field of cybersecurity, the specific security challenges and needs of industrial control systems (ICS) and operational technology (OT) are distinctly different from those of traditional IT security. The engineered ICS/OT systems that power critical infrastructure such as power grids, oil and gas processing, heavy manufacturing, food and beverage processing, and water management facilities require customized cybersecurity strategies and controls. This is due to the increasing number of attacks on ICS/OT, their unique operational…
January 15, 2025 | Ravie Lakshmanan | Blockchain / Cryptocurrency
Cybersecurity researchers have uncovered infrastructure links between the North Korean threat actors behind IT worker fraud schemes and a 2016 crowdfunding campaign. New evidence suggests that threat groups based in Pyongyang may have carried out illegal money-making scams that preceded the IT worker schemes, according to a report from the Secureworks Counter Threat Unit (CTU) shared with The Hacker News. The IT worker fraud scheme, which came to light in late 2023, involves North Korean actors infiltrating companies in the West and other parts of the world by secretly seeking work under fake identities to…
January 15, 2025 | Ravie Lakshmanan | Vulnerability / Software Update
As many as six security vulnerabilities have been disclosed in the popular Rsync file synchronization tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. “Attackers can take control of a malicious server and read/write arbitrary files of any connected client,” the CERT Coordination Center (CERT/CC) said in an advisory. “Sensitive data such as SSH keys can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt.” The flaws, which include a heap buffer overflow, information disclosure, file leak, external directory file write, and…
January 15, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence
The US Department of Justice (DoJ) announced on Tuesday that a court-sanctioned operation allowed the Federal Bureau of Investigation (FBI) to remove the PlugX malware from more than 4,250 infected computers as part of a “month-long law enforcement operation.” PlugX, also known as Korplug, is a Remote Access Trojan (RAT) widely used by threat actors associated with the People’s Republic of China (PRC) that enables information theft and remote control of compromised devices. An affidavit filed by the FBI notes that the identified PlugX variant is linked to a state-sponsored hacking group called Mustang…
January 15, 2025 | Ravie Lakshmanan | Vulnerability / Server Security
Cybersecurity researchers have discovered multiple security flaws in SimpleHelp’s remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report describing the findings in detail, said that the “vulnerabilities are trivial to reverse and exploit.” The list of identified flaws is as follows: CVE-2024-57727, an unauthenticated path traversal vulnerability that allows an attacker to download arbitrary files from a SimpleHelp server, including the serverconfig.xml file that contains hashed passwords for the SimpleHelpAdmin account and other local technician accounts; CVE-2024-57728, an arbitrary…
Microsoft has kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated critical, and 149 are critical. Another vulnerability, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned a severity rating. According to the Zero Day Initiative, the update marks the highest number of CVEs addressed in a single month since at least 2017. The fixes are in addition to seven vulnerabilities the Windows maker has addressed in its Chromium-based Edge browser since the release of the December 2024…