Author: Admin

November 20, 2024Hacker newsIdentity Security / Cyber ​​Defense Today’s cyber attacks are increasing in frequency and sophistication, making it increasingly difficult for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can quickly use it to move across systems, discovering weaknesses and compromising additional NHIs in minutes. While organizations often need months to detect and contain such breaches, quick detection and response can stop an attack in its tracks. The rise of non-human entities in cyber security By 2025 non-human identities will become the primary attack vector in cyber security. As businesses increasingly…


November 20, 2024Ravi LakshmananLinux / Vulnerability The needrestart package installed by default in Ubuntu Server (starting with version 21.04) discovered a number of ten-year-old security vulnerabilities that could allow a local attacker to gain root privileges without the need for user interaction. Qualys Threat Research Unit (TRU) which detected and reported flaws early last month, said they are trivial to use, requiring users to move quickly to apply fixes. The vulnerabilities are believed to have existed since the introduction of translator support in the need to restart 0.8which was released on April 27, 2014. “These needrestart exploits allow local privilege…


November 20, 2024Ravi LakshmananCyber ​​Espionage / Telecom Security A new cyberespionage group linked to China has been blamed for a series of targeted cyberattacks targeting telecommunications organizations in South Asia and Africa since at least 2020 to ensure intelligence gathering. Cybersecurity company CrowdStrike tracks the adversary by name Liminal pandadescribing him as having an in-depth knowledge of telecommunications networks, the protocols that support telecommunications, and the various interconnections between providers. A threat actor’s malware portfolio includes specialized tools that facilitate covert access, command and control (C2), and data extortion. “Liminal Panda used compromised telecommunications servers to initiate intrusions into other…


November 20, 2024Ravi LakshmananSoftware Security / Vulnerability Oracle is warning that a high-severity security flaw has been exploited in the wild that affects the Agile Product Lifecycle Management (PLM) Framework. Vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), can be used without authentication to leak sensitive information. “This vulnerability can be exploited remotely without authentication, ie. it can be used over the network without the need to enter a username and password,” the message says. said in the advisory. “If successfully exploited, this vulnerability could lead to file disclosure.” CrowdStrike security researchers Joel Snape and Lutz Wolf are credited with discovering…


November 20, 2024Ravi LakshmananZero Day / Vulnerability Apple has released security updates for iOS, iPadOS, macOS, visionOS and its Safari web browser to address two zero-day vulnerabilities that have been widely exploited in the wild. Disadvantages are listed below – CVE-2024-44308 – A vulnerability in JavaScriptCore that could allow arbitrary code execution when processing malicious web content CVE-2024-44309 – A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when handling malicious web content The iPhone maker said it addressed CVE-2024-44308 and CVE-2024-44309 with improved checks and improved state management, respectively. Not much is known…


November 19, 2024Ravi LakshmananCloud Security / Piracy Attackers use misconfigured JupyterLab and Jupyter Notebooks to copy streams and enable sports piracy using live stream capture tools. The attacks involve hijacking unauthenticated Jupyter laptops to establish initial access and performing a series of actions aimed at facilitating the illegal streaming of live sports events, Aqua said. the report shared with The Hacker News. A stealth hacking campaign in interactive environments widely used for data science applications has been discovered by a cloud security company after its decoys were attacked. “The attacker first updated the server, then downloaded the tool FFmpeg” -…


The malware, known as Ngioweb, was used to power a notorious residential proxy service called NSOCKS, as well as other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies show. “At least 80% of the NSOCKS bots in our telemetry originate from the Ngioweb botnet, mostly using small office/home office (SOHO) routers and IoT devices,” according to a report by the Black Lotus Labs team at Lumen Technologies shared with The Hacker News. “Two-thirds of these proxies are in the US.” “On average, there are about 35,000 bots active daily on the network, of which 40% remain…


November 19, 2024Hacker newsInsider Threat / Credential Security Privileged accounts are well-known gateways to potential security threats. However, many organizations focus solely on managing privileged access rather than protecting the accounts and the users they are trusted with. This emphasis is perhaps related to ongoing challenges Privileged Access Management (PAM) deployment. However, as the threat landscape changes, so must organizational priorities. To prevent trust from becoming an issue, the next step in securing privileged access must be a critical focus. In this blog, we explore why managing privileged access alone is not enough and provide actionable information to help you…


Why Italy sells so much spyware

An interesting analysis: While much attention is paid to the sophisticated zero-click spyware developed by companies such as Israel’s NSO Group, the Italian spyware market has been able to operate relatively unnoticed, specializing in cheaper tools. As reported in an Italian Ministry of Justice document, as of December 2022 the country’s law enforcement agencies could rent the spy software for 150 euros per day, regardless of which provider they used, and without the large acquisition costs that would normally be prohibitive. As a result, the Italian authorities have conducted thousands of espionage operations…


Cyber security researchers have shed light on the Linux variant of a relatively new strain of ransomware called Helldown, suggesting that threat actors are broadening the focus of their attacks. “Helldown deploys Windows ransomware derived from LockBit 3.0 code,” Sekoia said in a report shared with The Hacker News. “Given the recent development of ransomware targeting ESX, it appears that the group may be evolving its current operations to target virtualized infrastructures via VMware.” Helldown was first publicly documented by Halcyon in mid-August 2024, which described it as an “aggressive ransomware group” that infiltrates target networks by exploiting…
