Author: Admin
November 28, 2024Ravi LakshmananIoT Security / Vulnerability Nearly two dozen security vulnerabilities have been discovered in Advantech EKI industrial-grade wireless devices, some of which could be weapons for bypassing authentication and executing code with elevated privileges. “These vulnerabilities pose a significant risk by allowing unauthenticated remote code execution with root privileges, thereby completely compromising the privacy, integrity, and availability of affected devices,” said cybersecurity firm Nozomi Networks. said in the analysis on Wednesday. After responsible disclosure, the vulnerabilities were fixed in the following firmware versions: 1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD) 1.2.2 (for EKI-6333AC-1GPO) Six of the 20 vulnerabilities identified were…
November 28, 2024Ravi LakshmananSoftware security / data breach Cybersecurity researchers discovered a software supply chain attack that remained active for more than a year in the npm package registry, starting with an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency from infected systems. Package, no @0xengine/xmlrpcwas originally published on October 2, 2023. as a JavaScript-based XML-RPC server and client for Node.js. To date, it has been downloaded 1790 times and remains available for download from the repository. Checkmarxwho discovered the package said that the malicious code was strategically injected into version 1.3.4 every other…
November 28, 2024Hacker newsCloud Security / Threat Detection Serverless environments using services like AWS Lambda offer incredible benefits in terms of scalability, efficiency, and reduced operational costs. However, securing these environments is extremely difficult. The core of modern serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here’s the problem with that: 1. Logs tell only part of the story Logs can track external activity, but they do not provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function…
November 28, 2024Ravi LakshmananWindows Security / Cryptomining A popular open source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting more than 17,000 systems since at least June 2024. “Cybercriminals used the Godot Engine to execute crafted GDScript code that runs malicious commands and delivers malware,” Check Point reported. said in a new analysis published Wednesday. “The method remains undetected by almost all antivirus engines on VirusTotal.” It’s no surprise that threat actors are constantly looking for new tools and techniques that can help them deliver malware, bypassing security detection, even as…
November 28, 2024Ravi LakshmananNetwork Security / Cyber Espionage US telecommunications service provider T-Mobile said it had recently discovered attempts by attackers to infiltrate its systems in recent weeks, but noted that no sensitive data had been accessed. Those intrusion attempts “came from an ISP’s ISP network that was connected to ours,” said Jeff Simon, T-Mobile’s chief security officer. said in the statement. “We don’t see any previous attempts like this.” Additionally, the company said its security measures prevented threat actors from disrupting its services or obtaining customer information. He has since confirmed that he has disconnected from the unnamed provider’s…
November 27, 2024Ravi LakshmananSoftware Vulnerability / Security A critical security flaw affecting the open-source file-sharing program ProjectSend is likely to be actively exploited in the wild, according to findings by VulnCheck. The vulnerability, originally patched over a year and a half ago as part of a to commit released in May 2023, not officially available until August 2024. along with Release of version r1720. As of November 26, 2024, it has been assigned a CVE ID CVE-2024-11680 (CVSS Score: 9.8). Synacktiv, which reported the flaw to project developers in January 2023, described it as an improper authorization check that would…
Multi-stage cyber attacks, characterized by complex execution chains, are designed to avoid detection and give victims a false sense of security. Knowing how they work is the first step to building a solid defense strategy against them. Let’s look at real-world examples of some of the most common multi-stage attack scenarios in action right now. URLs and other embedded content in documents Attackers often hide malicious links in seemingly legitimate documents, such as PDF or Word files. After opening the document and clicking on the embedded link, users are directed to a malicious website. These sites often use trickery tactics…
November 27, 2024Ravi LakshmananLinux / Malware Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI). butkit intended for Linux systems. Duplicated Butkitty by its creators, who go by the name BlackCat, the butkit is rated as a proof of concept (PoC) and there is no evidence that it has been used in actual attacks. Also tracked as IranuKitit was loaded to the VirusTotal platform on November 5, 2024. “The main purpose of the bootkit is to disable the kernel signature verification feature and preload two as-yet-unknown ELF binaries through the Linux…
November 27, 2024Ravi LakshmananMalware / cyber espionage A threat actor known as APT-C-60 was linked to a cyberattack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. This follows JPCERT/CC findings, which say the intrusion used legitimate services such as Google Drive, Bitbucket and StatCounter. The attack was carried out around August 2024. “In this attack, an email purporting to be from a potential employee was sent to a recruiting contact, infecting the contact with malware,” the agency reported. said. APT-C-60 is an alias appointed a cyberespionage group known to target East…
November 27, 2024Ravi LakshmananCyber Crime / Financial Fraud The Interpol-led operation resulted in the arrest of 1,006 suspects in 19 African countries and the destruction of 134,089 malicious infrastructures and networks as part of a coordinated effort to end cybercrime on the continent. Duplicated Serengetilaw enforcement exercises were held from September 2 to October 31, 2024. and were targeted at criminals behind ransomware, business email breaching (BEC), digital extortion and online fraud. Algeria, Angola, Benin, Cameroon, Ivory Coast, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe participated in the…