Author: Admin

August 8, 2024Ravi LakshmananVulnerability / Network Security A critical security flaw affecting Progress Software’s WhatsUp Gold is seeing active exploit attempts, making it important for users to quickly deploy the latest version. The vulnerability in question CVE-2024-4885 (CVSS Score: 9.8), an unauthenticated remote code execution bug affecting versions of the network monitoring application released prior to 2023.1.3. “WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows you to execute commands with iisapppool\\nmconsole privileges,” the company said in a statement. said in a recommendation published at the end of June 2024. According to security researcher Sina Heirkha of the Summoning Team, the flaw lives in the implementation of…

August 8, 2024Ravi LakshmananCritical Infrastructure / Malware To date, the ransomware known as BlackSuit has demanded up to $500 million in ransoms, with one ransom demand reaching $60 million. This is stated in the updated recommendation of the US Cyber ​​Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). “BlackSuit actors have demonstrated a willingness to negotiate payment amounts,” the agency reported. said. “Ransom amounts are not part of the initial ransom message, but require direct interaction with the threat actor via the .onion URL (accessible via the Tor browser) provided after encryption.” Ransomware attacks have…

August 7, 2024Ravi LakshmananEmail Security / Vulnerability Cybersecurity researchers have revealed details of a security flaw in the Roundcube webmail software that can be used to execute malicious JavaScript in a victim’s web browser and steal sensitive account information under certain circumstances. “When a victim views a malicious Roundcube email sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s browser,” Cybersecurity firm Sonar said in an analysis published this week. “Attackers could exploit the vulnerability to steal a victim’s email, contacts, and email password, and send emails from the victim’s account.” Following a responsible disclosure on…

August 7, 2024Ravi LakshmananLinux / Vulnerability Cybersecurity researchers have shed light on a new Linux kernel exploitation technique called SLUBStik which can be used to increase the vulnerability of a bounded heap to arbitrary memory read and write primitives. “Firstly, it uses the side channel of the allocator time to perform a cross-cache attack reliably,” a group of scientists from the Graz University of Technology. said (PDF). “When specific, using side-channel leaks increases the success rate to 99% for commonly used shared caches.” Memory security vulnerabilities affecting the Linux kernel have limited capabilities and are much more difficult to exploit…

August 7, 2024Ravi LakshmananCyber ​​Security / Incident Response Cyber ​​security company CrowdStrike has published root cause analysis detailing the Falcon Sensor software update failure that crippled millions of Windows devices worldwide. “Channel File 291” incident as originally allocated in its previous post-incident review (PIR), was traced to a content inspection issue that arose after it introduced a new type of template to provide visibility and detect new attack techniques that abuse named pipes and other Windows inter-process communication (IPC). mechanisms. Specifically, it related to problematic cloud-deployed content updates, describing it as a “confluence” of several issues that led to the…

August 7, 2024Ravi LakshmananCloud Security / Cyber ​​Espionage An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra. “GoGra is written in Go and uses the Microsoft Graph API to interact with the control (C&C) server hosted by Microsoft Mail Services,” says Symantec, part of Broadcom. said in a report shared with The Hacker News. It is currently unclear how this is delivered to target environments, GoGra is specifically configured to read messages on behalf of the Outlook user “FNU LNU” whose subject line begins with the word “Input”. The…

August 7, 2024Ravi LakshmananAndroid / Mobile Security, Cyber ​​security researchers have discovered a new technique adopted by threat actors Chameleon An Android banking trojan targeting users in Canada under the guise of a customer relationship management (CRM) program. “Chameleon has been spotted posing as a CRM application targeting an internationally operating Canadian restaurant chain,” – Dutch security service ThreatFabric. said in a technical report published on Monday. The campaign, spotted in July 2024, targeted customers in Canada and Europe, indicating an expansion of its victim footprint from Australia, Italy, Poland and the UK The use of CRM-related themes for malware-laden…

August 7, 2024Ravi LakshmananMalware/program security Apple on Tuesday announced an update to its next-gen version of macOS that makes overriding a bit more difficult for users Goalkeeper protection. A goalkeeper is a the most important line of defense built into macOS, designed to ensure that only trusted programs run on the operating system. When an app is downloaded from outside the App Store and opened for the first time, it verifies that the software is from an identified developer. It also performs checks to ensure that the program is notarized and has not been tampered with to install malware on…

August 6, 2024Ravi LakshmananEmail Security / Financial Fraud INTERPOL said it had developed a “global stop payment mechanism” that helped facilitate the largest-ever recovery of funds stolen in a business email hack (BEC) fraud. This development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. This refers to a type of cybercrime where an attacker impersonates a trusted person and uses email to trick entities into sending money or disclose confidential information about the company. Such attacks can occur in a number of ways, including gaining unauthorized access to a financial…

August 6, 2024Hacker newsSaaS Security / Threat Detection Everyone loves a double-agent plot twist in a spy movie, but it’s a completely different story when it comes to protecting a company’s data. Intentional or unintentional, insider threats are a legitimate concern. In accordance with CSA research26% of companies that reported a SaaS security incident were impacted by an insider. The challenge for many is to identify these threats before they lead to full-blown breaches. Many security professionals believe that there is nothing they can do to protect themselves from a legitimate managed user logging in with valid credentials using the…
