Author: Admin
December 19, 2024 | Ravi Lakshmanan | Misinformation / Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is using the Cloudflare Workers service to force military personnel in the country to download malware under the guise of Army+, a mobile application that was introduced by the Ministry of Defense back in August 2024 to make the armed forces paperless. Users visiting the fake Cloudflare Workers websites are prompted to download an Army+ for Windows executable file created using the Nullsoft Scriptable Install System (NSIS), an open source tool used to create operating system installers. Opening…
December 19, 2024 | Ravi Lakshmanan | Supply Chain / Software Security
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node, which have garnered thousands of downloads in the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are designed to load a trojan and produce a stage-two payload, respectively. “While typosquatting attacks are hardly new, it’s worth noting the effort nefarious contributors have put into these two libraries to pass them off as legitimate,” Sonatype’s Ax Sharma said in an analysis published Wednesday. “Furthermore, high download numbers for packages like ‘types-node’ are an indication that some developers…
December 19, 2024 | Ravi Lakshmanan | Malware / Botnet
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malware campaign deploying the Mirai botnet malware. The company said it is issuing the advisory after “several customers” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. “These systems were infected with the Mirai malware and subsequently used as a source of DDoS attacks on other devices accessible through their network,” it said. “All affected systems used default passwords.” Mirai, whose source code was published in 2016, has spawned several variants…
December 19, 2024 | Ravi Lakshmanan | Privacy / Data Protection
The Dutch data protection authority (DPA) on Wednesday fined video-on-demand streaming service Netflix 4.75 million euros ($4.93 million) for not giving consumers enough information about how it used their data from 2018 to 2020. An investigation launched by the DPA in 2019 found that the tech giant did not make clear enough to customers in its privacy statement what it does with the data it collects from its users. This includes email addresses, phone numbers, payment information, and information about what customers are viewing on the platform. “Furthermore, customers were not…
December 19, 2024 | Ravi Lakshmanan | Vulnerability / Network Security
Fortinet has issued an advisory for a now-patched critical security flaw affecting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, has a CVSS score of 9.6 out of a maximum of 10.0. “Passing a relative path (CWE-23) in FortiWLM could allow a remote, unauthenticated attacker to read sensitive files,” the company said in a warning issued Wednesday. However, according to a description of the security flaw in NIST’s National Vulnerability Database (NVD), the path traversal vulnerability could…
CISA mandates federal agencies to implement cloud security by 2025 with mandatory directive 25-01
December 19, 2024 | Ravi Lakshmanan | Cloud Security / Encryption
The US Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 25-01, directing federal civilian agencies to secure their cloud environments and adhere to the baseline configurations of Secure Cloud Business Applications (SCuBA). “Recent cyber security incidents highlight the significant risks associated with misconfigurations and weak security controls that attackers can use to gain unauthorized access, steal data, or disrupt services,” the agency said, adding that the directive “will further reduce the attack surface of federal government networks.” As part of 25-01, agencies are also recommended to deploy CISA-developed automated configuration…
December 18, 2024 | Ravi Lakshmanan | SaaS Security / Incident Response
BeyondTrust has disclosed details of a critical security flaw in its Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access monitors, manages, and validates privileged accounts and credentials, offering internal, external, and third-party users zero-trust access to on-premises and cloud resources. Remote Support allows support staff to securely connect to remote systems and mobile devices. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), was described as an instance of command injection. “A critical vulnerability has been discovered in the Privileged…
ONLY Cynet provides 100% protection and 100% detection visibility in the 2024 MITRE ATT&CK assessment.
December 18, 2024 | The Hacker News | Threat Detection / Endpoint Security
For small and medium-sized enterprises (SMEs) and managed service providers, a top priority for cybersecurity managers is keeping the IT environment up and running. To protect against cyber threats and prevent data breaches, it is vital to understand the current cybersecurity vendor landscape and continually evaluate the effectiveness of available solutions. Fortunately, the 2024 MITRE ATT&CK Evaluation—the most trusted resource for tracking effective solutions—is now available. This practical guidance distills the main findings and advice on interpreting the results. Cynet was the only vendor to achieve 100% visibility and 100% protection in…
December 18, 2024 | Ravi Lakshmanan | Email Security / Cloud Security
Cybersecurity researchers have uncovered a new phishing campaign targeting European companies to obtain account credentials and take control of victims’ Microsoft Azure cloud infrastructure. Unit 42 of Palo Alto Networks codenamed the campaign HubPhish for abusing HubSpot’s tools in the attack chain. The targets include at least 20,000 users in the automotive, chemical and industrial sectors in Europe. “Company phishing attempts peaked in June 2024 with fake forms created using HubSpot’s Free Form Builder service,” security researchers Shachar Roitman, Ohad Benjamin Maimon, and William Gamazo said in a report shared with The…
December 18, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
Russia-linked threat actor APT29 has been seen repurposing a legitimate red teaming attack methodology as part of cyberattacks using malicious Remote Desktop Protocol (RDP) configuration files. The activity, which targets governments and armed forces, think tanks, academic researchers, and Ukrainian organizations, entails adopting the “rogue RDP” method that was previously documented by Black Hills Information Security in 2022, a Trend Micro report says. “A victim of this technique would give partial control of their machine to an attacker, potentially leading to data leakage and the installation of malware,” researchers Feike Hacquebord and Stephen Hilt said. The cyber security…