Author: Admin

August 6, 2024Ravi LakshmananAndroid / Malware Users in Russia have been targeted by a previously undocumented Android spyware called LianSpy at least from 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted that it uses Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid dedicated infrastructure and avoid detection. “This threat is designed to capture screencasts, steal user files, and collect call logs and application lists,” security researcher Dmitry Kalinin said in a new technical report published on Monday. It is currently unclear how the spyware is being distributed, but the…

August 6, 2024Ravi LakshmananMobile Security / Vulnerability Google has fixed a serious security flaw affecting the Android kernel that was heavily used in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution affecting the kernel. “There are indications that CVE-2024-36971 may be in limited, targeted exploitation,” the tech giant said noted in its August 2024 Android Security Monthly Bulletin. As is usually the case, the company did not share any additional information about the nature of the cyberattacks exploiting the flaw or attribute the activity to a specific threat actor or group.…

August 6, 2024Ravi LakshmananEnterprise Security / Vulnerability A new zero-day remote code execution pre-authentication vulnerability has been discovered in Apache OFBiz open source enterprise resource planning (ERP) system, which could allow threat actors to achieve remote code execution in affected cases. Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. This affects versions of Apache OFBiz prior to 12/18/15. “The root cause of the vulnerability is a flaw in the authentication mechanism,” SonicWall, which discovered and reported the flaw, said in a statement. “This flaw allows an unauthenticated user to access features…

August 5, 2024Ravi LakshmananNetwork Security / Threat Intelligence Organizations in Kazakhstan are the target of the so-called threat cluster Blood wolf which delivers a malware product called LOSS (aka Master Strigoi). “The program, which sells for as little as $80 on the underground resources, allows adversaries to take control of corporate computers and capture prohibited data,” – cyber security vendor BI.ZONE. said in a new analysis. Cyberattackers use phishing emails as the initial access vector, impersonating the Ministry of Finance of the Republic of Kazakhstan and other agencies to force recipients to open PDF attachments. The file purports to be…

August 5, 2024Ravi LakshmananThreat Intelligence / Vulnerability Cybersecurity researchers have discovered design flaws in Microsoft’s Windows Smart App Control and SmartScreen that could allow threat actors to gain initial access to targeted environments without any warning. Intelligent Program Management (SAC) is a cloud-based security feature introduced from Microsoft in Windows 11 to block malicious, untrusted and potentially unwanted programs from running on the system. In cases where the service cannot make a prediction about the application, it checks whether it is signed or has a valid signature in order to be executed. SmartScreen, which was released with Windows 10, is…

August 5, 2024Hacker newsCyber ​​Security / Data Privacy Act The Loper Bright decision produced dramatic results: the Supreme Court overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously enacted by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity legislation. Background What is Loper Bright’s solution? The decision of the US Supreme Court in the case of Loper Bright was overturned Chevron is honored, stating that the courts, not the agencies, will decide all relevant questions of law that arise…

Incident response is a structured approach to managing and resolving security breaches or cyber attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated action to improve preparedness. Improving these areas ensures a quick and effective response, minimizing damage and speeding up recovery.

Problems in responding to incidents

Incident response presents several challenges that must be addressed to ensure rapid and effective recovery from cyber attacks. The following section lists some of these issues.

Timeliness: One of the main challenges in incident response is resolving incidents quickly enough to minimize damage. Delays in response can…

August 5, 2024Ravi LakshmananBrowser Security / Windows Security A China-related threat known as The elusive panda in mid-2023, an unnamed Internet Service Provider (ISP) that pushed malware updates to targeted companies was compromised, highlighting a new level of sophistication associated with the group. Evasive Panda, also known as Bronze Highland, Daggerfly, and StormBamboo, is a cyberespionage group that has been active since at least 2012, using backdoors such as MgBot (aka POCOSTICK) and Nightdoor (aka NetMM and Suzafk) to collect sensitive information. . Most recently, there was a threat to the actor formally attributed to the use of a malicious…

August 5, 2024Ravi LakshmananNetwork Security / Vulnerability A high security bypass vulnerability has been discovered in Rockwell Automation ControlLogix 1756 devices that could be used to execute a common industrial protocol (CIP) programming and configuration commands. A vulnerability that is assigned a CVE identifier CVE-2024-6242has a CVSS v3.1 score of 8.4. “A vulnerability exists in the affected products that could allow a threat actor to bypass the Trusted Slot feature in a ControlLogix controller,” the US Cybersecurity and Infrastructure Security Agency (CISA) said. said in the consulting room. “When using any compromised module in a 1756 chassis, a threat actor…

August 5, 2024Ravi LakshmananMobile Security / Financial Security Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users to steal financial information. “BlankBot has a number of malicious capabilities that include client injection, keylogging, screen recording, and communication with a management server via a WebSocket connection,” Intel 471 said in an analysis published last week. Discovered on July 24, 2024, BlankBot is said to be in active development, with the malware abusing Android Accessibility Services permissions to gain full control over infected devices. The names of some of the malicious APK files containing BlankBot are listed…