Author: Admin
The FIDO Alliance is developing a new protocol to simplify the transfer of passkeys across platforms
October 16, 2024 | Ravi Lakshmanan | Data Privacy / Passwordless
The FIDO Alliance said it is working to make passkeys and other credentials easier to export between different providers and to improve interoperability between credential providers, as more than 12 billion online accounts become accessible with a passwordless login method. To this end, the alliance said it has published a draft of a new set of specifications for the secure exchange of credentials, following commitments between members of its Credential Provider Special Interest Group (SIG). These include 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and…
October 16, 2024 | Ravi Lakshmanan | Zero-Day / Windows Security
The North Korean threat actor known as ScarCruft has been linked to the exploitation of a now-patched Windows zero-day security flaw to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could lead to remote code execution when using the Edge browser in Internet Explorer mode. It was patched by Microsoft as part of the August 2024 Patch Tuesday updates. However, for successful exploitation, an attacker must convince a user to click on a specially crafted URL to start executing…
October 16, 2024 | The Hacker News | Artificial Intelligence / Cybercrime
AI from an attacker's perspective: see how cybercriminals are using AI and exploiting its vulnerabilities to compromise systems, users, and even other AI programs. Cybercriminals and Artificial Intelligence: Reality vs. Hype. "Artificial intelligence will not replace humans in the near future. But people who know how to use artificial intelligence will replace people who don't know how to use artificial intelligence," says Etay Maor, chief security strategist at Cato Networks and a founding member of Cato CTRL. "Similarly, attackers are also turning to artificial intelligence to augment their own capabilities." However, the role…
To protect your organization from cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge of new and ongoing threats. There are many methods that analysts can use to gather critical information about cyber threats. Let's take a look at five that can significantly improve your threat investigations. Use C2 IP addresses for accurate malware detection: valuable indicators are the IP addresses that malware uses to communicate with its command-and-control (C2) servers. They can help not only update your defenses but also identify related infrastructure and tools owned…
October 16, 2024 | Ravi Lakshmanan | Vulnerability / Data Protection
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability involves hard-coded credentials that can be abused to gain unauthorized access and make changes. "SolarWinds Web Help Desk contains a hard-coded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data," the CISA advisory said. Details of the flaw were first disclosed by SolarWinds in late…
October 16, 2024 | Ravi Lakshmanan | Cyber Attack / Banking Trojan
A new phishing campaign targeting Brazil has been found delivering banking malware called Astaroth (aka Guildma), using obfuscated JavaScript to slip past security defenses. "The impact of the phishing campaign affected a variety of industries, with manufacturing companies, retail firms, and government agencies the most affected," Trend Micro said in a new analysis. "Malicious emails often mimic official tax documents, using the urgency of personal income tax returns to trick users into downloading malware." The cybersecurity company is tracking the threat activity cluster under the name Water Makara. It should be…
GitHub Patches Critical Flaw in Enterprise Server That Allows Unauthorized Access to Instance
October 16, 2024 | Ravi Lakshmanan | Enterprise Security / Vulnerability
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, has a CVSS score of 9.5 out of a maximum of 10.0. "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized user provisioning and instance access, by exploiting an improperly verified cryptographic signature vulnerability in GitHub Enterprise Server," GitHub said in the advisory. The Microsoft-owned company described the flaw as a regression that was introduced…
October 15, 2024 | Ravi Lakshmanan | Financial Fraud / Linux
North Korean threat actors have been observed using a Linux variant of a well-known malware family called FASTCash to steal funds as part of a financially motivated campaign. The malware "is installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," according to security researcher HaxRob. FASTCash was first documented by the US government in October 2018 as being used by adversaries linked to North Korea in connection with an ATM cash-out scheme targeting banks in Africa and Asia since at least late 2016.…
October 15, 2024 | Ravi Lakshmanan | Mobile Security / Financial Fraud
New variants of an Android banking trojan called TrickMo have been found to contain previously undocumented features to steal a device's unlock pattern or PIN. "This new addition allows a threat actor to act on a device even if it's locked," said Zimperium security researcher Aazim Yaswant in an analysis published last week. First spotted in the wild in 2019, TrickMo is named for its association with the cybercriminal group TrickBot and is capable of providing remote control of infected devices, as well as stealing SMS-based one-time passwords (OTPs) and displaying overlays…
October 15, 2024 | Ravi Lakshmanan | Malware / Cybercrime
Cybersecurity researchers have uncovered a new malware campaign that uses a malware loader called PureCrypter to deliver a remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-step process to deliver the RAT payload. "DarkVision RAT communicates with its command-and-control (C2) server using a custom network protocol over sockets," security researcher Muhammad Irfan V A said in the analysis. "DarkVision RAT supports a wide range of commands and plugins that provide additional capabilities such as keylogging, remote access, password theft, audio recording, and screen…