Author: Admin

August 12, 2024Ravi LakshmananCritical Infrastructure / Vulnerability Cybersecurity researchers have discovered a series of security flaws in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could allow attackers to cause failures and power outages. “If exploited, these vulnerabilities could allow an attacker to control inverter settings that could disable part of the network, potentially causing outages,” Bitdefender researchers said. said in an analysis published last week. The vulnerabilities were patched by Solarman and Deye as of July 2024 following a responsible disclosure on May 22, 2024. A Romanian cybersecurity vendor that analyzed two PV monitoring and…


August 12, 2024Ravi LakshmananOperational Technology / Network Security Security vulnerabilities have been discovered in the Ewon Cozy+ industrial remote access solution that can be exploited to gain root privileges on devices and orchestrate subsequent attacks. Elevated access can then be used to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even obtain properly signed X.509 VPN certificates for foreign devices to hijack their VPN sessions. “This allows attackers to hijack VPN sessions, which creates significant security risks for Cozy+ users and the surrounding industrial infrastructure,” SySS GmbH security researcher Moritz Abrell. said in a…


August 12, 2024Ravi LakshmananCloud Security / Malware The Russian government and IT organizations are being targeted by a new company that is delivering a series of backdoors and trojans in a phishing campaign codenamed East Wind. Attack chains are characterized by the use of RAR archive attachments containing a Windows Shortcut (LNK) file which, when opened, activates an infection sequence that culminates in the deployment of malware such as GrewApacha, an updated version CloudSorcerer backdoor, and a previously undocumented implant called PlugY. PlugY “is downloaded through the CloudSorcerer backdoor, has an extensive set of commands, and supports three different protocols…


August 11, 2024Ravi LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package in the Python Package Index (PyPI) repository that pretends to be the Solana blockchain platform library, but is actually designed to steal victims’ secrets. “The legitimate Solana Python API project is known as “solana-py” on GitHub, but simply “brine”in the Python software registry, PyPI,” Sonatype researcher Aks Sharma said in a report released last week. “This slight naming discrepancy was exploited by a threat actor who published the ‘solana-py’ project on PyPI.” The malicious package “solana-py” attracted a total of 1,122 downloads since published…


August 10, 2024Ravi LakshmananVulnerability / Mobile Security About 10 security flaws were discovered in Google Quick exchange a data transfer utility for Android and Windows that can be compiled to run a Remote Code Execution (RCE) chain on systems where the software is installed. “The Quick Share app implements its own application-level communication protocol to support file transfers between nearby compatible devices,” SafeBreach Labs researchers Or Yair and Shmuel Cohen said in a technical report shared with The Hacker News. “By investigating how the protocol works, we were able to explain and identify logic within the Quick Share Windows application…


August 10, 2024Ravi LakshmananBrowser Security / Internet Fraud An ongoing, widespread malware campaign has been observed to install fake Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites posing as popular software. “Malware Trojans contain a variety of results, ranging from simple adware extensions that hijack search engines to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands,” ReasonLabs research team. said in the analysis. “This malicious Trojan, which has been around since 2021, comes from impersonating download websites with add-ons for online games and videos.” At least 300,000…


August 10, 2024Ravi LakshmananVulnerability / Enterprise Security Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could lead to the unauthorized disclosure of sensitive information to attackers. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office – Microsoft Office 2016 for 32-bit and 64-bit versions Microsoft Office LTSC 2021 for 32-bit and 64-bit Microsoft 365 apps for business for 32-bit and 64-bit systems Microsoft Office 2019 for 32-bit and 64-bit versions Researchers Jim Rush and Metin Yunus Kandemir are credited with discovering and reporting…


August 9, 2024Ravi LakshmananCloud Security / Data Protection Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could lead to serious consequences. “The impact of these vulnerabilities ranges from remote code execution (RCE), full-service user hijacking (which can provide powerful administrative access), manipulation of artificial intelligence modules, exposure of sensitive data, data theft, and denial of service,” it writes Aqua is a cloud security company. according to a detailed report shared by The Hacker News. After making a responsible disclosure in February 2024, Amazon addressed the deficiencies over several months from March…


August 9, 2024Ravi LakshmananVulnerability / Network Security Microsoft on Thursday disclosed four medium-severity security flaws in its open-source OpenVPN software that could be combined to achieve remote code execution (RCE) and local elevation of privilege (LPE). “This chain of attacks can allow attackers to gain complete control over targeted endpoints, potentially leading to data leakage, system compromise, and unauthorized access to sensitive information,” Vladimir Tokarov of the Microsoft Threat Intelligence Community. said. However, the exploit presented by Black Hat USA 2024 requires user authentication and a deep understanding of OpenVPN’s inner workings. The vulnerabilities affect all OpenVPN versions up to…


August 9, 2024Ravi LakshmananIoT Security / Wireless Security Cybersecurity researchers have discovered weaknesses in Sonos smart speakers that could be used by an attacker to secretly eavesdrop on users. The vulnerabilities “resulted in a complete breach of Sonos’ secure download process on a wide range of devices and the ability to remotely hack multiple devices over the air,” NCC Group security researchers Alex Plaskett and Robert Herrera noted. said. Successful exploitation of one of these flaws could allow a remote attacker to secretly capture audio from Sonos devices via a wireless attack. They are affect all versions to Sonos S2…
