Author: Admin

January 15, 2025Ravi LakshmananMalware / Threat Intelligence The US Department of Justice (DoJ) announced on Tuesday that a court-sanctioned operation allowed the Federal Bureau of Investigation (FBI) to remove the PlugX malware from more than 4,250 infected computers as part of a “month-long law enforcement operation.” PlugX, also known as Korplug, is a Remote Access Trojan (RAT) widely used by threat actors associated with the People’s Republic of China (PRC) that enables information theft and remote control of compromised devices. An affidavit The FBI filing notes that the identified PlugX variant is linked to a state-sponsored hacking group called Mustang…


January 15, 2025Ravi LakshmananVulnerability / Server Security Cybersecurity researchers have discovered multiple security flaws in SimpleHelp’s remote access software that could lead to information disclosure, elevation of privilege, and remote code execution. Horizon3.ai researcher Naveen Sankavali, in a technical report describing the findings in detail, said that “vulnerabilities are trivial to undo and exploit.” The list of identified flaws is as follows – CVE-2024-57727 – Unauthenticated traversal vulnerability that allows an attacker to download arbitrary files from a SimpleHelp server, including the serverconfig.xml file that contains hashed passwords for the SimpleHelpAdmin account and other local expert accounts. CVE-2024-57728 – Arbitrary…


Microsoft has kicked off 2025 with a new set of patches addressing a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important. One further vulnerability, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned a severity. According to the Zero Day Initiative, the update marks the highest number of CVEs addressed in a single month since at least 2017. The fixes are in addition to seven vulnerabilities the Windows maker has addressed in its Chromium-based Edge browser since the release of the December 2024…


January 14, 2025Ravi LakshmananData Vulnerability / Privacy A new study has uncovered a “flaw” in Google’s “Sign in with Google” authentication process that uses features in domain ownership to gain access to sensitive data. “At Google OAuth a login doesn’t protect against someone buying a failed startup’s domain and using it to re-create email accounts for former employees.” Truffle Security Co-Founder and CEO Dylan Airey said in Monday’s report. “And while you can’t access the old email data, you can use those accounts to log into all the different SaaS products that the organization used.” The San Francisco-based company said…


January 14, 2025Ravi LakshmananEndpoint Security / Vulnerability Microsoft has shed light on a patched security flaw in Apple’s macOS that, if successfully exploited, could allow an attacker running as root to bypass the operating system’s system integrity protections (SYPT) and install malicious kernel drivers by downloading third-party kernel extensions. The vulnerability in question CVE-2024-44243 (CVSS Score: 5.5), a moderate bug that was fixed by Apple in the framework macOS Sequoia 15.2 released last month. The iPhone maker described it as a “configuration issue” that could allow a malicious app to modify protected parts of the file system. “Bypassing SIP can…


Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set tracked as UAC-0063, which likely overlaps with APT28, a nation-state group linked to the Main Intelligence Directorate (GRU) of the Russian General Staff. It is also known as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy and TA422. UAC-0063 was first documented by the Computer Emergency Response Team of Ukraine (CERT-UA) in…


January 14, 2025Ravi LakshmananVulnerability / Network Security Threat hunters are taking notice of a new campaign targeting Fortinet FortiGate firewalls with management interfaces exposed on the public Internet. “The campaign involved unauthorized administrative logins to firewall management interfaces, creating new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” cyber security firm Arctic Wolf said. said in an analysis published last week. It is believed to be malicious activity started in mid-November 2024. unknown threat actors gained unauthorized access to management interfaces on compromised firewalls to change configurations and obtain credentials using DCSync. The exact initial access…


What do identity risks, data security risks, and third-party risks have in common? All of them are greatly exacerbated by the proliferation of SaaS. Each new SaaS account adds a new identity to protect, a new place where sensitive data can end up, and a new source of third-party risk. Find out how you can protect this vast attack surface in 2025.


January 14, 2025Ravi LakshmananCryptocurrency / Internet Scam The online marketplace based on Telegram is known as HuiOne Guarantee, and its providers have collectively received at least $24 billion in cryptocurrency, surpassing the now-defunct Hydra to become the largest illegal online marketplace ever to operate. numbers, released Elliptic, a blockchain analytics company, shows that monthly inflows have increased by 51% since July 2024. Huione Guarantee, part of the Huione group of companies, found himself in the center of attention in the middle of last year, when it was exposed as a hub for online fraudsters touting money-laundering services, stolen data and…


January 14, 2025Ravi LakshmananVulnerability / Cyber ​​Security The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products to its list of known vulnerabilities (KEV) catalog with reference to evidence of active exploitation in the wild. The vulnerability in question CVE-2024-12686 (CVSS Score: 6.6), a moderate vulnerability that could allow an attacker with existing administrative privileges to enter commands and operate as a site user. “BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that could be used by…
