Author: Admin
December 12, 2024 | Ravie Lakshmanan | Device Vulnerability / Security
Details have emerged of a patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could bypass Transparency, Consent, and Control (TCC) protections and lead to unauthorized access to confidential information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in Apple’s FileProvider component and was resolved with improved symbolic link (symlink) validation in iOS 18, iPadOS 18 and macOS Sequoia 15. Jamf Threat Labs, which discovered and reported the flaw, said the TCC bypass could be used by a rogue app installed on the system to obtain sensitive data without users’ knowledge. TCC…
December 12, 2024 | Ravie Lakshmanan | Website Security / Vulnerability
Attackers are exploiting a critical vulnerability in the Companion plugin for WordPress to install other vulnerable plugins that can open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. “This flaw poses a significant security risk, as it allows attackers to install vulnerable or closed plugins that can then be used for attacks such as remote code execution (RCE), SQL injection, cross-site scripting (XSS), or even the creation of administrative backdoors,” WPScan said…
Europol dismantles 27 DDoS attack platforms in 15 countries; administrators arrested
December 12, 2024 | Ravie Lakshmanan | Cybercrime / DDoS Attack
A global law enforcement operation has disabled 27 stresser services used to launch distributed denial-of-service (DDoS) attacks and taken them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, took down several booter and stresser websites, including zdstresser.net, orbitalstress.net and starkstresser.net. These services typically use botnet malware installed on compromised devices to launch attacks on behalf of paying customers against targets of their choosing. In addition, three administrators linked to the illegal platforms were arrested in France and Germany, with more than 300 users identified for…
December 11, 2024 | Ravie Lakshmanan | Cyber Espionage / Cyber Attack
A suspected China-linked threat actor has been tied to a series of cyberattacks targeting prominent organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in a variety of sectors, including government ministries in two different countries, an air traffic control organization, a telecommunications company and a media outlet, the Symantec Threat Hunter Team said in a new report shared with The Hacker News. The attacks, which used tools previously identified as linked to China-based advanced persistent threat (APT) groups, are characterized by the use of both open source and…
December 11, 2024 | Ravie Lakshmanan | Malware / Cyber Espionage
The Russian nation-state actor tracked as Secret Blizzard has been observed using malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from Microsoft’s threat intelligence team, which said it observed the adversary between March and April 2024 using the Amadey bot malware to download custom malware onto “handpicked” systems linked to the Ukrainian military. The activity is believed to be the second such instance since 2022, when Secret Blizzard, also known as Turla, seized on a cybercrime campaign to distribute its…
December 11, 2024 | Ravie Lakshmanan | Ransomware / Malware
Cybersecurity researchers have discovered a new version of the ZLoader malware that uses a Domain Name System (DNS) tunnel for command-and-control (C2) communication, indicating that threat actors continue to refine the tool after its resurfacing a year ago. “Zloader 2.9.4.0 adds notable improvements, including a custom DNS tunneling protocol for C2 communication and an interactive shell that supports more than a dozen commands that can be useful for ransomware attacks,” Zscaler ThreatLabz said in a report published Tuesday. “These modifications provide additional levels of resistance against detection and mitigation.” ZLoader, also called Terdot, DELoader, or Silent Night, is a malware…
December 11, 2024 | Ravie Lakshmanan | Malware / Endpoint Security
A newly devised technique uses a Windows accessibility framework called User Interface Automation (UIA) to perform a wide range of malicious activities without alerting Endpoint Detection and Response (EDR) solutions. “To exploit this technique, a user must be convinced to run a program that uses UI Automation,” Akamai security researcher Tomer Peled said in a report shared with The Hacker News. “This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more.” Worse, local attackers can take advantage of this security blind spot to execute…
December 11, 2024 | Ravie Lakshmanan | Vulnerability / Authentication
Cybersecurity researchers have identified a “critical” security vulnerability in Microsoft’s implementation of multi-factor authentication (MFA) that allows an attacker to trivially bypass the protection and gain unauthorized access to a victim’s account. “The bypass was simple: it took around an hour to execute, required no user interaction, generated no notifications, and gave the account holder no indication of trouble,” Oasis Security researchers Elad Luz and Tal Hassan said in a report shared with The Hacker News. Following responsible disclosure, the issue, codenamed AuthQuake, was addressed by Microsoft in October 2024. As long as…
Cybersecurity researchers have discovered a new surveillance program believed to be used by police departments in China as a lawful intercept tool to collect a wide range of information from mobile devices. The Android tool, which Lookout has codenamed EagleMsgSpy, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as September 25, 2024. “The surveillance software consists of two parts: an APK installer and a surveillance client that runs headless on the device after installation,” Christina Balaam, Lookout’s senior threat intelligence officer, said in a technical report shared with The Hacker News. “EagleMsgSpy collects…
December 11, 2024 | The Hacker News | SaaS Security / Endpoint Security
In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they want. While this has been a critical boon for productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only all-in-one SaaS management solution: Discovery: Gain visibility into your complete SaaS footprint, including GenAI apps, free tools, duplicate tenants, deprecated apps, and more, all on day one. Security: Protect…