Author: Admin
December 27, 2024Ravi LakshmananFirewall Security / Vulnerability Palo Alto Networks has disclosed a high-severity vulnerability that affects the PAN-OS software and could cause a Denial of Service (DoS) condition on sensitive devices. The vulnerability, tracked as CVE-2024-3393 (CVSS score: 8.7), affects PAN-OS versions 10.X and 11.X, as well as Prisma Access with PAN-OS versions. It was addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later versions of PAN-OS. “A denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of…
December 27, 2024Ravi LakshmananSoftware Vulnerability / Security The Apache Software Foundation (ASF) has released patches to address a maximum-level vulnerability in the MINA A Java network application framework that can lead to remote code execution under certain conditions. Tracked as CVE-2024-52046the vulnerability has a CVSS score of 10.0. This affects versions 2.0.X, 2.1.X, and 2.2.X. “The ObjectSerializationDecoder in Apache MINA uses Java’s own deserialization protocol to handle incoming serialized data, but it lacks the necessary security checks and safeguards,” project staff said in a recommendation published on December 25, 2024. “This vulnerability allows attackers to exploit the deserialization process by…
December 26, 2024Ravi LakshmananCybercrime / Ransomware A Brazilian national has been indicted in the United States for allegedly threatening to release data stolen in a March 2020 hack of a company’s network. Junior Barros de OliveiraA 29-year-old man from Curitiba, Brazil, was charged with four counts of extortion threats related to information obtained from protected computers and four counts of threatening communications, US Department of Justice (DoJ) said in an unsealed indictment earlier this week. The computers of the named victim, a Brazilian subsidiary of a New Jersey company, were hacked by the defendant, who then used the access to…
December 25, 2024Ravi LakshmananSecurity / Server Vulnerability The Apache Software Foundation (ASF) has provided security updates to address a critical security flaw in the Traffic Management System that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in a database. SQL injection vulnerability, tracked as CVE-2024-45387rated 9.9 out of 10.0 on the CVSS rating system. “Traffic Ops SQL Injection Vulnerability in Apache Traffic Control = 8.0.0 allows a privileged user with the “admin”, “federation”, “operations”, “portal” or “management” roles to execute arbitrary SQL against the database by sending a specially crafted PUT request,” project…
December 25, 2024Ravi LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in a cloud management platform developed by Ruijie Networks that could allow an attacker to take control of network devices. “These vulnerabilities affect both the Reyee platform and Reyee OS networking devices,” Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. “These vulnerabilities, if exploited, could allow an attacker to execute code on any cloud device, giving them the ability to control tens of thousands of devices.” An operational technology (OT) security company that conducted in-depth research into an Internet of Things (IoT)…
December 25, 2024Ravi LakshmananCyber attack / malware An Iranian nation-state hacking group known as Charming Kitten has been spotted deploying a C++ variant of a well-known malware called BellaCiao. The Russian cyber security company Kaspersky announced the new version BellaCPPsaid it discovered the artifact as part of a “recent” investigation into a hacked machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first documented by Romanian cybersecurity firm Bitdefender in April 2023, describing it as a custom dropper capable of delivering additional payloads. The malware was deployed by a hacker group for cyber attacks targeting the…
December 24, 2024Ravi LakshmananMalware/data theft Cybersecurity researchers have identified two malicious packages that were uploaded to the Python Package Index (PyPI) repository and were equipped with capabilities to steal sensitive information from compromised nodes, reports new findings from Fortinet FortiGuard Labs. Packages, no beautiful and recorder of cometsattracted 118 and 164 downloads each before being taken down. According to ClickPy statistics, a the majority of them loading came from the USA, China, Russia and India. Zebo is “a typical example of malware with features designed for surveillance, data theft, and unauthorized monitoring,” security researcher Jenna Wang said, adding that cometlogger…
December 24, 2024Ravi LakshmananSoftware Vulnerability / Security The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added A high-severity security flaw affecting Acclaim Systems USAHERDS to known vulnerabilities is now fixed (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability in question CVE-2021-44207 (CVSS Score: 8.1), a case of hard-coded static credentials in Acclaim USAHERDS that could allow an attacker to execute arbitrary code on sensitive servers. In particular, this applies to the use of static ValidationKey and DecryptionKey values in versions 7.4.0.1 and earlier, which can be used for remote code execution on the…
December 24, 2024Ravi LakshmananCybercrime / Malware Japanese and U.S. authorities have previously attributed the theft of $308 million worth of cryptocurrency to cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. “The theft is linked to the TraderTraitor threat, which is also tracked as Jade Sleet, UNC4899 and Slow Pisces,” the agencies said. said. “TraderTraitor’s activities are often characterized by targeted social engineering targeting multiple employees of the same company at the same time.” The warning comes courtesy of the US Federal Bureau of Investigation, the Defense Cybercrime Center and the Japanese National Police Service. It should…
December 24, 2024Ravi LakshmananVulnerability / Zero Day The Apache Software Foundation (ASF) has released a security update to address a critical vulnerability in its Tomcat server software that could lead to remote code execution (RCE) under certain conditions. Vulnerability, tracked as CVE-2024-56337was described as incomplete mitigation for CVE-2024-50379 (CVSS Score: 9.8), another critical security flaw in the same product that was previously addressed on December 17, 2024. “Users running Tomcat on a case-insensitive file system with servlet writing enabled by default (read-only initialization parameter set to a non-default value of false) may require additional configuration to fully mitigate CVE-2024-50379, depending…