Author: Admin
November 26, 2024 | Hacker news | Pentest / Vulnerability Assessment
When CVEs go viral, separating critical vulnerabilities from the noise is critical to protecting your organization. That’s why Intruder, the leader in attack surface management, built Intel – a free vulnerability intelligence platform designed to help you act quickly and prioritize real threats. What is Intel? Intel was created to fill the gap in resources available to track new vulnerabilities. When one of Intruder’s core tools shut down last year, the team set out to create a solution that would not only meet their needs, but also benefit the broader information sector.…
November 26, 2024 | Ravi Lakshmanan | Vulnerability / Cybercrime
The Russian threat actor known as RomCom has been linked to the exploitation of two zero-day security flaws, one in Mozilla Firefox and the other in Microsoft Windows, in attacks aimed at delivering a backdoor of the same name to victim systems. “In a successful attack, when the victim views a web page containing the exploit, the adversary can run arbitrary code – without the need for user interaction (zero click) – which in this case resulted in the RomCom backdoor being installed on the victim’s computer,” ESET said in a report shared with The…
November 26, 2024 | Ravi Lakshmanan | Vulnerability / Network Security
The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw affecting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that can be used to execute arbitrary code remotely. Fixes for the security flaw (version 9.4.0.484) were released by the networking equipment vendor in March 2023. “The Array AG/vxAG remote code execution vulnerability is a web security vulnerability…
PyPI Python library “aiocpa” found exfiltrating crypto keys via a Telegram bot
November 25, 2024 | Ravi Lakshmanan | Software Supply Chain / Malware
The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to steal private keys via Telegram. The package in question is described as both a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date. Placing a Python library in quarantine prevents it from being installed further by clients and from being modified by its maintainers. Cybersecurity company Phylum, which shared details of the attack on the software supply…
Google’s new Restore Credentials tool makes it easier to sign in to the app after an Android migration
November 25, 2024 | Ravi Lakshmanan | Mobile Security / Privacy
Google has introduced a new feature called Restore Credentials to help users safely regain access to their third-party app accounts after switching to a new Android device. Part of Android’s Credential Manager API, this feature aims to reduce the hassle of re-entering login credentials for each app when switching phones. “With Restore Credentials, apps can seamlessly connect users to their accounts on a new device after they restore their apps and data from their previous device,” Neelansh Sahai of Google said. The tech giant said the process happens automatically in the background when a…
November 25, 2024 | Ravi Lakshmanan | Cloud Security / Supply Chain Attack
Cybersecurity researchers have uncovered two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools such as HashiCorp’s Terraform and Open Policy Agent (OPA), which use dedicated domain-specific languages (DSLs), that could be used to breach cloud platforms and exfiltrate data. “Because they’re hard languages with limited capabilities, they should be more secure than standard programming languages, and they really are,” Tenable Senior Security Researcher Shelly Raban said in a technical report published last week. “However, safer does not mean bulletproof.” OPA is a popular open-source policy engine that allows organizations to enforce policies on…
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures.
The evolution of phishing attacks
“I really like the saying ‘it’s out of bounds,’ said no hacker ever. Whether it’s tricks, techniques or technology, hackers will do anything to avoid detection and ensure their attack is successful,” says Etay Maor, chief security strategist at Cato Networks and member of Cato CTRL. Phishing attacks have changed a lot over the years. 15-20 years ago, simple phishing sites were enough to capture the valuables of the time – credit…
November 25, 2024 | Ravi Lakshmanan | Malware / Windows Security
Cybersecurity researchers have discovered a new malicious campaign that uses a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. “This malware takes a more sinister path: it removes the legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to execute its destructive program,” Trellix Security Researcher Trishaan Kalra said in an analysis published last week. “The malware uses the deep access provided by the driver to stop security processes, disable security software, and seize control of the infected system.” The starting point…
November 23, 2024 | Ravi Lakshmanan | Artificial Intelligence / Cryptocurrency
A North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency in social engineering campaigns organized over a six-month period. The findings come from Microsoft, which said several threat clusters linked to the country were creating fake LinkedIn profiles posing as both recruiters and job seekers in order to generate illicit profits for the sanctioned country. Known to be active since at least 2020, Sapphire Sleet aligns with hacker groups tracked as APT38 and BlueNoroff. In November 2023, the technology giant revealed that the threat actor created…
November 23, 2024 | Ravi Lakshmanan | Cloud Security / Threat Intelligence
Government agencies and non-governmental organizations in the United States have been targeted by a Chinese state threat actor known as Storm-2077. The adversary, which is believed to have been active since at least January 2024, has also carried out cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services around the world, Microsoft said. The company added that the cluster of activity overlaps with a threat group that Recorded Future’s Insikt Group tracks as TAG-100. The cybersecurity firm noted back in July that the attack chains are…