Author: Admin
October 23, 2024Ravi LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have shed light on a new adversarial technique that can be used to crack large language models (LLMs) during interactive conversation by injecting unwanted instructions between benign ones. Codenamed Deceptive Delight, Palo Alto Networks Unit 42 described it as simple and effective, achieving an average attack success rate (ASR) of 64.6% over three rounds of engagement. “Deceptive Delight is a multi-turn technique that engages large language models (LLMs) in an interactive conversation, gradually bypassing their protective fences and forcing them to create dangerous or harmful content,” said Unit 42’s Jay Chen…
Russian-speaking users have been targeted by a new phishing campaign that uses an open-source phishing toolkit called Gophish. DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan called PowerRAT. “The campaign includes modular infection chains, which are Maldoc or HTML-based infections and require victim intervention to start the infection chain,” Chetan Raguprasad, Cisco Talos researcher. said in Tuesday’s analysis. Targeting Russian-speaking users is an estimate derived from the language used in phishing emails, attractive content in malicious documents, links masquerading as Yandex Disk (“disk-yandex(.)ru”), and disguised HTML web pages. like VK, the social network that is predominantly used…
October 22, 2024Ravi LakshmananDocker Security / Cloud Security Bad actors have been observed targeting Docker remote API servers according to Trend Micro’s new findings, to deploy the SRBMiner cryptominer on hacked instances. “In this attack, the actor used a threat gRPC the protocol is over h2c evade security solutions and run their cryptomining operations on a Docker host,” researchers Abdelrahman Esmail and Sunil Bharti said in a technical report published today. “The attacker first checked the availability and version of the Docker API, then proceeds with gRPC/h2c update requests and gRPC methods to manipulate Docker functions.” It all starts with…
October 22, 2024Ravi LakshmananSoftware Vulnerability / Security Details of a fixed security flaw in Styra’s Open Policy Agent have surfaced (OPA), which, if successfully exploited, could lead to a leak of New Technology LAN Manager (NTLM) hashes. “The vulnerability could allow an attacker to pass the NTLM credentials of a local OPA server user account to a remote server, potentially allowing an attacker to relay authentication or crack a password,” cybersecurity firm Tenable wrote. said in a report shared with The Hacker News. The security flaw described as Server Message Block (SMB) Forced Authentication Vulnerability and tracked as CVE-2024-8260 (CVSS…
October 22, 2024Ravi LakshmananVulnerability / supply chain Cybersecurity researchers have discovered a number of suspicious packages published in the npm registry that are designed to harvest Ethereum private keys and gain remote machine access via the Secure Shell (SSH) protocol. The packages attempt to “gain SSH access to the victim’s machine by writing the attacker’s SSH public key to the root user’s authorized_keys file,” software security company Phylum said. said in an analysis published last week. List of packages whose purpose is to pretend to be legitimate a packet of ethersdefined as part of the company, listed as follows -…
October 22, 2024Ravi LakshmananIdentity Management / Security Automation Service accounts are vital to any enterprise that runs automated processes, such as program or script management. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will help you find and protect these accounts Active catalog (AD) and learn how Silverfort solutions can help improve your organization’s security. Understanding Security Accounts Service accounts are specialized Active Directory accounts that provide the necessary security context for services running on servers. Unlike user accountsthey are not tied to individuals, but allow services and applications to…
October 22, 2024Ravi LakshmananMalware / Threat Intelligence Two malware families hit after coordinated law enforcement operation called Endgame have reappeared as part of new phishing campaigns. Bumblebee and A thiefwhich are both malware downloaders designed to steal personal data and download and execute additional payloads on compromised hosts. Tracked as BlackWidow, IceNova, Lotus or Unidentified 111, Latrodectus, also considered successor to IcedID due to overlapping infrastructure between the two malware families. It was used in companies associated with two Initial Access Brokers (IABs) known as TA577 (aka Water Curupira) and TA578. A coalition of European countries announced this in May…
October 22, 2024Ravi LakshmananVulnerability / Enterprise Security VMware has released software updates to address an already-patched security flaw in vCenter Server that could open the way for remote code execution. Vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a heap overflow vulnerability in a DCE/RPC protocol implementation. “An attacker with network access to vCenter Server could cause this vulnerability by sending a specially crafted network packet that could potentially lead to remote code execution,” the Broadcom-owned virtualization services provider. said. The flaw was originally reported by zbl and srs of the TZL team at the Matrix Cup cybersecurity competition held…
October 22, 2024Ravi LakshmananVulnerability / Cyber threat The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added critical security flaw that affects ScienceLogic SL1 before its known vulnerabilities (KEV) directory after reports of active operation as day zero. The vulnerability in question is tracked as CVE-2024-9537 (CVSS v4 score: 9.3) refers to a bug in an unspecified third-party component that could lead to remote code execution. The issue has since been fixed in versions 12.1.3, 12.2.3, and 12.3 and later. Fixes were also available for versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. The development comes weeks after Rackspace’s cloud…
October 21, 2024Mohit KumarCyber Security / Weekly Summary Hello! Here’s your quick fix on what’s new in cyber security. Hackers are using new techniques to break into systems we thought were secure, such as finding hidden doors in locked homes. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some large companies were affected by the attacks, while others patched their vulnerabilities in time. It’s a constant struggle. For you, staying protected means keeping your devices and apps up to date. In this newsletter, we’ll break down the top news. Whether you’re protecting…