Author: Admin
November 16, 2024 | Ravi Lakshmanan | Vulnerability / Network Security
Palo Alto Networks released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability affecting the PAN-OS firewall management interface is being actively exploited in the wild. To this end, the company said it observed malicious activity originating from the IP addresses below and targeting PAN-OS web management interface IP addresses that are accessible over the Internet: 136.144.17(.)*, 173.239.218(.)251, 216.73.162(.)*. The company warned, however, that these IP addresses may represent “third-party VPNs with legitimate user activity originating from these IP addresses to other destinations.” An…
A threat actor known as BrazenBamboo exploited an unaddressed security flaw in Fortinet’s FortiClient for Windows to obtain VPN credentials as part of a modular framework called DEEPDATA. Volexity, which released the findings on Friday, said it identified a zero-day exploit of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer of DEEPDATA, DEEPPOST, and LightSpy. “DEEPDATA is a modular Windows post-exploitation tool used to collect a wide range of information from target devices,” security researchers Callum Roxan, Charlie Gardner and Paul Rascagneres said Friday. The malware first came to light earlier this week when BlackBerry detailed a…
November 15, 2024 | Ravi Lakshmanan | Cyber espionage / malware
Cybersecurity researchers have shed light on a new remote access Trojan and information stealer used by Iranian state-sponsored entities to conduct reconnaissance on compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating that it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the VirusTotal platform. “WezRat can execute commands, take screenshots, download files, execute keyloggers, and steal clipboard contents and cookies,” it said in the technical report. “Some functions are performed by separate modules obtained from the command and…
November 15, 2024 | Hacker News | Webinar / Cyber security
In a fast-paced digital world, trust is everything, but what happens when that trust is broken? Certificate revocations, while rare, can send shock waves through your operations, impacting security, customer trust, and business continuity. Are you ready to act quickly when the unexpected happens? Join DigiCert’s exclusive webinar, “When the Shift Happens: Are You Ready to Quickly Replace Your Certificate?” and learn how automation, cryptographic agility, and best practices can turn revocation challenges into opportunities for growth and sustainability. Here’s what you’ll learn: Revocations Identified: Understand why they happen, their ripple effects, and the…
November 15, 2024 | Ravi Lakshmanan | Artificial Intelligence / Vulnerability
Cybersecurity researchers have discovered two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow attackers to elevate privileges and delete models from the cloud. “Using user permissions to work, we were able to elevate our privileges and gain unauthorized access to all data services in the project,” Palo Alto Networks Unit 42 researchers Ofir Balassiano and Ofir Shaty said in an analysis published earlier this week. “The deployment of the poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, creating a serious…
November 15, 2024 | Ravi Lakshmanan | Malware / credential theft
A Vietnamese-speaking threat actor has been linked to an information theft campaign targeting government and educational organizations in Europe and Asia with a new Python-based malware called PXA Stealer. Cisco Talos researchers Joey Chen, Alex Karkins, and Chetan Raghuprasad said the malware “targets victims’ sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and game software data.” “PXA Stealer has the ability to decrypt the victim’s browser master password and use it to steal saved credentials of various online accounts.” The link to Vietnam…
In recent years, artificial intelligence (AI) has started a revolution in identity access management (IAM), changing the approach to cybersecurity in this important area. In IAM, AI's analytical capabilities are used to monitor access patterns and detect anomalies that may indicate a potential security breach. The focus has expanded beyond simple human identity management: autonomous systems, APIs, and connected devices now also enter the realm of AI-powered IAM, creating a dynamic security ecosystem that adapts and evolves in response to complex cyber threats.
The role of artificial intelligence and machine learning in IAM
Artificial intelligence…
November 15, 2024 | Ravi Lakshmanan | Vulnerability / Database Security
Cybersecurity researchers have discovered a serious security flaw in the open-source PostgreSQL database system that could allow unprivileged users to modify environment variables and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, has a CVSS score of 8.8. Environment variables are user-defined values that can allow a program to dynamically retrieve various kinds of information, such as access keys and software installation paths, at runtime without having to hardcode them. In some operating systems, they are initialized at startup. “Improper handling of environment variables in PostgreSQL PL/Perl allows an unprivileged…
Ilya Lichtenstein, who pleaded guilty, was sentenced to five years in prison for hacking the Bitfinex cryptocurrency exchange in 2016, the US Department of Justice announced on Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange. Heather Rhiannon Morgan, his wife, also pleaded guilty to the same offenses last year. They were both arrested in February 2022. Morgan is scheduled to be sentenced on November 18. “The 35-year-old Lichtenstein hacked the Bitfinex network in 2016…
November 15, 2024 | Ravi Lakshmanan | Network Security / Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that two more flaws affecting Palo Alto Networks Expedition have been actively exploited in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to apply the required updates by December 5, 2024. The security flaws are listed below:
CVE-2024-9463 (CVSS Score: 9.9) - Palo Alto Networks Expedition OS command injection vulnerability
CVE-2024-9465 (CVSS Score: 9.3) - SQL injection vulnerability in Palo Alto Networks Expedition
Successful exploitation of the…