Author: Admin
In recent years, the number and complexity of zero-day vulnerabilities has increased, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be taken, making zero-days a powerful weapon for cybercriminals. A recent example is CVE-2024-0519 in Google Chrome: this high-severity vulnerability was actively exploited in the wild and involved an out-of-bounds memory access flaw in the V8 JavaScript engine. This allowed remote attackers to gain access…
China’s National Computer Virus Response Center (CVERC) has doubled down on its claim that the threat actor known as Volt Typhoon is an invention of the USA and its allies. The agency, in cooperation with the National Computer Virus Prevention Technology Laboratory, accused the US federal government, its intelligence agencies and the “Five Eyes” countries of cyber espionage against China, France, Germany, Japan and Internet users worldwide. It also said there was “ironclad evidence” that the US was conducting false flag operations to hide its own malicious cyber attacks, adding that it was inventing the “so-called danger of Chinese cyber attacks”…
October 15, 2024 | Ravi Lakshmanan | Threat Detection / Malware Cybersecurity researchers have uncovered a new malware campaign that delivers Hijack Loader artifacts signed with legitimate code signing certificates. French cybersecurity firm HarfangLab, which discovered the activity earlier this month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader and SHADOWLADDER, first appeared in September 2023. Malware loader attack chains usually involve luring users into downloading a binary disguised as pirated software or movies. Recent variants of these campaigns have been found to direct users to fake CAPTCHA pages that prompt…
The folks behind the Jetpack WordPress plugin have released a security update to address a critical vulnerability that could allow logged-in users to access forms submitted by others on the site. Owned by WordPress maker Automattic, Jetpack is an all-in-one plugin that offers a wide range of tools to improve site security, performance and traffic growth. It is used on 27 million WordPress sites, according to its website. The issue is said to have been discovered by Jetpack during an internal security audit and has persisted since version 3.9.9, released in 2016. The vulnerability resides in the contact form…
October 14, 2024 | Ravi Lakshmanan | Summary / Cybersecurity Hello, this is your weekly dose of “what the hell is going on in cyber security land” – and trust me, you NEED to be in the know this time around. We’ve got everything from zero-day exploits and AI gone rogue to the FBI playing crypto-rights – it’s full of everything they don’t know 🤫 so you know. So let’s get down to business before we get FOMO. ⚡ Threat of the week GoldenJackal hacks air-gapped systems: Meet GoldenJackal, a hacking team you’ve probably never heard of but should definitely know about now. They…
Cybersecurity researchers have discovered that entry points can be abused in various programming ecosystems such as PyPI, npm, RubyGems, NuGet, Dart Pub, and Rust Crates to conduct attacks on software supply chains. “Attackers can use these entry points to execute malicious code when certain commands are executed, creating widespread danger in the open source landscape,” Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report shared with The Hacker News. The software supply chain security company noted that entry-point attacks offer threat actors a more cunning and persistent method of breaching systems in a way that bypasses traditional…
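The Python side of this is concrete enough to audit: a package's entry_points.txt can register a [console_scripts] command whose name matches a tool the developer already uses, or register itself in a plugin group (pytest loads every distribution in the pytest11 group at startup) so its code runs without ever being invoked by name. The following script is an added example written for this page, not Checkmarx's tooling; the watchlist of shadowed commands and the sample entry_points.txt are constructed assumptions for illustration.

```python
"""Audit entry_points.txt metadata for command shadowing and auto-loaded plugins.

Added example for the entry-point abuse described above; hypothetical watchlist.
"""
import configparser
import importlib.metadata

# Hypothetical watchlist: commands a malicious package might shadow via
# [console_scripts] so that typing the familiar name runs the package's code.
WATCHED_COMMANDS = {"aws", "docker", "kubectl", "git", "pip", "npm", "terraform"}

# Entry-point groups whose members the host tool imports automatically at
# startup (pytest loads the pytest11 group) without the user invoking them.
AUTOLOAD_GROUPS = {"pytest11"}

# Constructed sample entry_points.txt from an imaginary package "evilpkg".
SAMPLE_ENTRY_POINTS = """[console_scripts]
aws = evilpkg.cli:main
mytool = mytool.cli:main

[pytest11]
evil = evilpkg.plugin
"""


def parse_entry_points(text):
    """Parse entry_points.txt into (group, name, target) tuples.

    Only '=' is treated as a delimiter, because targets such as
    'pkg.mod:func' contain ':'.
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the case of command names
    cp.read_string(text)
    return [
        (group, name, target.strip())
        for group in cp.sections()
        for name, target in cp.items(group)
    ]


def audit_entry_points(dist_name, text,
                       watched=WATCHED_COMMANDS, autoload=AUTOLOAD_GROUPS):
    """Return findings as (distribution, rule, entry point, target)."""
    findings = []
    for group, name, target in parse_entry_points(text):
        if group == "console_scripts" and name in watched:
            findings.append((dist_name, "shadows-command", name, target))
        elif group in autoload:
            findings.append((dist_name, "autoloaded-plugin",
                             f"{group}:{name}", target))
    return findings


def audit_installed():
    """Run the same audit over every distribution in the current environment."""
    findings = []
    for dist in importlib.metadata.distributions():
        text = dist.read_text("entry_points.txt")
        if not text:
            continue
        try:
            findings.extend(audit_entry_points(dist.metadata["Name"], text))
        except configparser.Error:
            continue  # malformed metadata; skip rather than abort the audit
    return findings


if __name__ == "__main__":
    for finding in audit_entry_points("evilpkg", SAMPLE_ENTRY_POINTS):
        print(finding)
    for finding in audit_installed():
        print(finding)
```

Run it inside the virtual environment you want to audit, since importlib.metadata only sees distributions importable from that interpreter; a hit on the shadowed-command rule should be checked against `which aws` to see whether the script directory of that environment now comes first on PATH.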
October 14, 2024 | The Hacker News | Cloud Security / Vulnerability The connection between detection and response (DR) techniques and cloud security has historically been tenuous. As global organizations increasingly move to the cloud, security strategies largely focus on “shift left” practices: protecting code, ensuring the cloud is properly deployed, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning cloud infrastructure, workloads, and even applications. Despite these advanced tools, organizations often need weeks or even months to discover and resolve incidents. Add to that the challenges of tool proliferation, skyrocketing cloud security costs, and massive false…
October 14, 2024 | Ravi Lakshmanan | Network Security / Vulnerability A suspected nation-state adversary has been observed exploiting three zero-day security flaws in the Ivanti Cloud Service Appliance (CSA) to perform a series of malicious actions. This follows findings from Fortinet’s FortiGuard Labs, which said the vulnerabilities were used to gain unauthenticated access to the CSA, enumerate the users configured on the device, and attempt to obtain those users’ credentials. “Advanced adversaries have been observed exploiting and combining zero-day vulnerabilities to establish a foothold on a victim’s network,” security researchers Faisal Abdul Malik Qureshi, John Simmons, Jared Betts, Luca…
October 14, 2024 | Ravi Lakshmanan | Ransomware / Vulnerability Threat actors are actively trying to exploit a patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has tracked a series of attacks over the past month that used compromised VPN credentials and CVE-2024-40711 to create a local account and deploy ransomware. CVE-2024-40711, with a CVSS score of 9.8 out of 10.0, is a critical vulnerability that allows unauthenticated remote code execution. It was resolved by Veeam in Backup & Replication version 12.2 in early September 2024. Security researcher Florian Hauser from the…
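The chain described above (RCE on the backup server, then a new local account) leaves a distinctive trace in the Windows Security log: event 4720 (a user account was created) on a server where nobody should be creating accounts, typically followed by 4732 (a member was added to a security-enabled local group). The correlation below is an added example for this page, not Sophos's detection logic; the sample events are constructed, and the assumption that account creation by the machine account (code running as SYSTEM) on a backup host is anomalous is the author's, not the article's.

```python
"""Correlate Windows Security events 4720 and 4732 into alerts.

Added example; sample events are constructed, not real telemetry.
"""
from datetime import datetime, timedelta

# Constructed sample events. Field names are simplified from the Security log:
# 4720 = user account created, 4732 = member added to a local security group.
SAMPLE_EVENTS = [
    {"time": "2024-10-01T02:13:05", "event_id": 4720, "host": "VEEAM-BKP01",
     "subject": "VEEAM-BKP01$", "target": "bkp_support"},
    {"time": "2024-10-01T02:13:09", "event_id": 4732, "host": "VEEAM-BKP01",
     "subject": "VEEAM-BKP01$", "member": "bkp_support", "group": "Administrators"},
    {"time": "2024-10-01T09:40:00", "event_id": 4720, "host": "FILESRV02",
     "subject": "admin.jane", "target": "svc_report"},
    {"time": "2024-10-02T11:00:00", "event_id": 4732, "host": "FILESRV02",
     "subject": "admin.jane", "member": "svc_report", "group": "Administrators"},
]

PRIVILEGED_GROUPS = {"Administrators", "Remote Desktop Users"}


def correlate_account_creation(events, window=timedelta(minutes=10),
                               privileged_groups=PRIVILEGED_GROUPS):
    """Return alerts for suspicious local account creation.

    Rule 1 (assumption): a 4720 whose subject is a machine account ("HOST$")
    means the account was created by code running as SYSTEM, e.g. an exploited
    service, rather than by an administrator.
    Rule 2: a new account added to a privileged local group within `window`
    of its creation on the same host.
    """
    created = {}  # (host, account) -> creation time
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 4720:
            created[(ev["host"], ev["target"])] = ts
            if ev["subject"].endswith("$"):
                alerts.append({"rule": "account-created-by-system",
                               "host": ev["host"], "account": ev["target"],
                               "time": ev["time"]})
        elif ev["event_id"] == 4732 and ev["group"] in privileged_groups:
            key = (ev["host"], ev["member"])
            if key in created and ts - created[key] <= window:
                alerts.append({"rule": "new-account-made-privileged",
                               "host": ev["host"], "account": ev["member"],
                               "group": ev["group"], "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate_account_creation(SAMPLE_EVENTS):
        print(alert)
```

In production the events would come from a forwarder rather than a list, but the two rules transfer unchanged; scope rule 1 to the hosts running Backup & Replication, since on domain controllers the machine account legitimately appears as the subject of many audit events.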
OilRig is exploiting a flaw in the Windows kernel in an espionage campaign targeting the UAE and the Persian Gulf
October 13, 2024 | Ravi Lakshmanan The Iranian threat actor known as OilRig has been observed using a patched privilege escalation flaw affecting the Windows kernel in a cyber espionage campaign targeting the UAE and the wider Gulf region. “The group uses sophisticated tactics that include deploying a backdoor that uses Microsoft Exchange servers to steal credentials and exploiting vulnerabilities such as CVE-2024-30088 for elevation of privilege,” Trend Micro researchers Mohamed Fahmi, Bahaa Yamani, Ahmed Kamal and Nick Dye said in an analysis published on Friday. The cybersecurity company tracks the threat actor under the name Earth Simnavaz, which is…