Author: Admin

September 16, 2024Ravi LakshmananCloud Security / Vulnerability A now-fixed critical security flaw affecting Google Cloud Platform (GCP) Composer could be used to achieve remote code execution on cloud servers using a supply chain attack technique called dependency confusion. The vulnerability was given a code name CloudImposer by Tenable Research. “The vulnerability could allow an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline orchestration tool,” security researcher Liv Mattan said in a the report shared with The Hacker News. The dependency confusion (aka substitution attack) that was documented for the first time by…


September 16, 2024Hacker newsPersonal Protection / Incident Response Imagine this… You arrive at work to a chaotic scene. Systems are down, panic is in the air. Guilty? Not a rogue virus, but a compromised individual. There is an attacker inside your walls by pretending to be a trusted user. This is not a horror movie, this is the new reality of cybercrime. The question is, are you prepared? Traditional incident response plans are like old maps in a new world. They focus on malware and network hacking, but today’s criminals are looking for your identity. Stolen credentials and weak access…


September 16, 2024Ravi LakshmananSpy Software / Threat Intelligence Apple has filed a petition to “voluntarily” drop its lawsuit against commercial spyware vendor NSO Group, citing a changing risk landscape that could lead to the exposure of critical “threat analysis” information. There was development reported for the first time writes The Washington Post on Friday. The iPhone maker said its efforts, combined with those of other industry representatives and national governments to combat the rise of commercial spyware, had “significantly weakened” the perpetrators. “At the same time, unfortunately, other attackers have emerged in the commercial spyware industry,” the company said. “It…


Cybersecurity researchers have warned of ongoing phishing campaigns that abuse update entries in HTTP headers to deliver fake email login pages designed to harvest user credentials. “Unlike other methods of distributing phishing web pages through HTML content, these attacks use a response header sent by the server that occurs before the HTML content is processed,” Palo Alto Networks Division 42 researchers Yu Zhang, Zeyu Yu, and Wei Wang said. “Malicious links direct the browser to automatically refresh or immediately reload the web page without requiring user interaction.” Large corporations in South Korea, as well as government agencies and schools in…


September 14, 2024Ravi LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a recently patched security flaw in the Cloud Service Appliance (CSA) is being actively exploited in the wild. The high severity vulnerability addressed is CVE-2024-8190 (CVSS Score: 7.2), which allows remote code execution under certain circumstances. “OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier allows an authenticated attacker to obtain remote code execution” — Ivanti noted in an advisory issued earlier this week. “An attacker must have administrator-level privileges to exploit this vulnerability.” The vulnerability affects Ivanti CSA 4.6, which has…


About Bruce Schneier
I am a public interest technologist who works at the intersection of security, technology and people. I have written about security issues on my blog since 2004 and in my monthly newsletter since 1998. I am a staff member and faculty member at Harvard Kennedy School, a member of the board of EFF, and head of the security architecture department at Inrupt, Inc. This personal site does not represent the views of any of these organizations.


September 13, 2024Ravi LakshmananSoftware Security / Threat Intelligence Attackers are likely using publicly available proof-of-concept (PoC) exploits for recently discovered security flaws in Progress Software’s WhatsUp Gold to conduct opportunistic attacks. Activity is said to have started on August 30, 2024, just five hours after the PoC was released for CVE-2024-6670 (CVSS Score: 9.8) by security researcher Sina Heirkham of the challenge team, who is also credited with the discovery and reporting CVE-2024-6671 (CVSS scores: 9.8). Both critical vulnerabilities, which allow an unauthenticated attacker to obtain an encrypted user password, were patched up by Progress in mid-August 2024. “The chronology…


September 13, 2024Ravi LakshmananVirtual Reality / Vulnerability Details have emerged of a patched security flaw affecting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow attackers to infer data entered on the device’s virtual keyboard. Attack, dubbing GAZEploitwas assigned the CVE ID CVE-2024-40865. “A New Attack That Can Infer Eye Biometrics from an Avatar Image to Recover Text Typed Using Gaze-Controlled Typing,” by a team of researchers at the University of Florida said. “The GAZEploit attack exploits a vulnerability inherent in gaze-controlled text input when users share a virtual avatar.” After a responsible disclosure, Apple fixed the…


While cyber threats are becoming more sophisticated, the number one attack vector for unauthorized access remains fraudulent credentials (Verizon DBIR, 2024). Solving this problem addresses more than 80% of your enterprise risks, and a solution is possible. However, most tools available on the market today cannot offer complete protection against this attack vector because they are designed to provide probabilistic protection. Learn more about Beyond Identity’s features that enable us to build deterministic defenses. The problem: Phishing and credential theft. Phishing attacks trick users into revealing their credentials through fraudulent websites or messages sent via SMS, email, and/or voice calls.…


September 13, 2024Ravi LakshmananCyber ​​attack / Crime British authorities on Thursday announced the arrest of a 17-year-old man in connection with a cyberattack on Transport for London (TfL). “A 17-year-old male has been arrested on suspicion of breaching the Computer Misuse Act in connection with an attack on TfL on 1 September,” the UK’s National Crime Agency (NCA) said. said. The teenager, from Walsall, is said to have been arrested on September 5, 2024 following an investigation that was launched following the incident. Law enforcement agencies reported that the unnamed person was questioned and later released on bail. “Attacks on…
