Author: Admin

September 4, 2024Ravi Lakshmanan A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been used in the wild in an attempt to infiltrate downstream organizations. Codenamed Revival Hijack, JFrog, a software supply chain security company, said the attack method could be used to hijack 22,000 existing PyPI packages and lead to “hundreds of thousands” of malicious package downloads. These sensitive packages have more than 100,000 downloads or have been active for more than six months. “This attack method involves capturing PyPI software packages by manipulating their ability to be re-registered after they have been removed…

September 4, 2024Ravi LakshmananVulnerability / Network Security Zyxel has released software updates to address a critical security flaw affecting certain versions of access points (APs) and security routers that could lead to the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS Score: 9.8), the vulnerability was described as an operating system (OS) command injection case. “Improper neutralization of special elements in the ‘host’ parameters in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device,” Zyxel said. said in the consulting room.…

September 4, 2024Hacker newsSaaS Security / Browser Security Account hijacking attacks have become one of the most persistent and damaging threats to SaaS cloud environments. However, despite significant investment in traditional security measures, many organizations continue to struggle to prevent these attacks. A new report, “Why account hijacking attacks still succeed and why your browser is your secret weapon for stopping them” states that the browser is the primary battleground where account hijacking attacks are deployed and therefore where they must be neutralized. The report also provides effective recommendations to reduce the risk of account hijacking. Below are some of…

September 4, 2024Ravi LakshmananGDPR / Privacy The Dutch Data Protection Authority (DPA) has fined facial recognition firm Clearview AI €30.5 million ($33.7 million) for violating the General Data Protection Regulation (GDPR) in the European Union (EU) by creating “illegal database”. with billions of photos of faces,” including citizens of the Netherlands. “Facial recognition is a very intrusive technology that you can’t just apply to anyone in the world,” Dutch DPA chairman Aleid Wolfsen said in a statement to the press. “If there is a picture of you on the Internet – doesn’t that concern all of us? – then you…

September 4, 2024Ravi LakshmananMalware / Network Security A new malware campaign is spoofing Palo Alto Networks’ GlobalProtect VPN software to deliver a variant of WikiLoader (aka WailingCrab) using a search engine optimization (SEO) campaign. The malware observed in June 2024 is a departure from previously observed tactics where malware was distributed via traditional phishing emails, Unit 42 researchers Mark Lim and Tom Marsden note said. WikiLoader, documented for the first time Proofpoint in August 2023 was attributed to a threat known as TA544 with email attacks using the Danabot and Ursnif malware to deploy. Then in April of this year,…

September 3, 2024Ravi LakshmananEndpoint Security / Malware Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that bears similarities to the now-defunct Black Cat (aka ALPHV) operation. “The Cicada3301 ransomware appears to primarily target small and medium-sized businesses (SMBs), likely through opportunistic attacks that use vulnerabilities as an initial access vector,” cybersecurity firm Morphisec said. said in a technical report shared with The Hacker News. Written in Rust and able to target both Windows and Linux/ESXi hosts, Cicada3301 first appeared in June 2024 inviting potential partners to join their ransomware-as-a-service (RaaS) platform through an advertisement…

September 3, 2024Ravi LakshmananRansomware/Malware A hacktivist group known as Mare’s head was linked to cyber attacks aimed exclusively at organizations located in Russia and Belarus. “Head Mare uses more advanced methods to gain initial access,” Kaspersky said in an analysis of the group’s tactics and tools on Monday. “For example, attackers took advantage of a relatively recent one CVE-2023-38831 a vulnerability in WinRAR that allows an attacker to execute arbitrary code on the system via a specially crafted archive. This approach allows the group to more efficiently deliver and mask malicious payloads.” Head Mare, which has been active since 2023,…

Mobile users in Brazil are being targeted by a new malware campaign that is delivering a new Android banking trojan called Rocinante. “This malware family is able to perform keylogging using the Accessibility Service and can also steal identifying information from its victims using phishing screens, impersonating various banks,” Dutch security firm ThreatFabric said. “Finally, it can use all of this exfiltrated information to perform device takeover (DTO) by using Accessibility Service privileges to achieve full remote access to the infected device.” Some of the known malware targets include financial institutions such as Itaú Shop, Santander, with fake programs…

In the digital realm, secrets (API keys, private keys, username/password combinations, etc.) are the keys to the kingdom. But what if those keys were accidentally left exposed in the very tools we use to collaborate every day?

A single secret can wreak havoc

Imagine this: it’s an ordinary Tuesday in June 2024. Your development team is knee-deep in sprints, Jira tickets are flying, and Slack is buzzing with the usual mix of cat memes and code snippets. What you don’t know is that there’s a ticking time bomb hidden in all this digital chatter – a public account that gives…

Eight vulnerabilities have been discovered in Microsoft’s macOS apps that an attacker could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permission-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. “If successful, the adversary could gain any privileges already granted to the affected Microsoft application,” Cisco Talos said. “For example, an attacker can send emails from a user’s account without the user noticing, record audio clips, take photos, or record videos without any interaction with the user.” The vulnerabilities cover various programs such as Outlook, Teams, Word, Excel, PowerPoint,…
