Author: Admin
December 31, 2025Ravi LakshmananVulnerability / Incident Response The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to gain remote access to some computers and unclassified documents. “December 8, 2024 third-party software services provider, BeyondTrust, notified the Treasury Department that an attacker gained access to a key used by the provider to secure a cloud service used to remotely provide technical support to the Treasury. Departmental Office (DO) end-users,” the department said in a letter to the Senate Banking, Housing and Urban Affairs Committee. “By gaining access to the stolen key, the…
Cybersecurity researchers have discovered three vulnerabilities in Microsoft’s Azure Data Factory Apache Airflow an integration that, if successfully exploited, could allow an attacker to perform a variety of covert activities, including data theft and malware deployment. “Exploitation of these flaws could allow attackers to gain permanent access as shadow administrators to an entire Airflow Azure Kubernetes Service (AKS) cluster,” Palo Alto Networks Unit 42 said in an analysis published earlier this month. The vulnerabilities, though classified as low severity by Microsoft, are listed below – Incorrectly configured Kubernetes RBAC in Airflow cluster Incorrect configuration of Azure Azure internal service secret…
December 30, 2025Ravi LakshmananCyber Security / Compliance Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS). proposed new cybersecurity requirements for healthcare organizations to protect patient data from potential cyberattacks. The proposal, which seeks to change the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to strengthen the cybersecurity of critical infrastructure, according to OCR. The rule is intended to strengthen the protection of electronic protected health information (ePHI) by updating the HIPAA Security Rule standards to “better address the ever-increasing cybersecurity threats to the healthcare sector.”…
December 30, 2025Hacker newsBrowser Security / GenAI Security The news made headlines last weekend a broad attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, more than 25 extensions with an installed base of more than two million users have been found to be compromised, and customers are currently working to determine their impact (LayerX, one of the companies involved in protection against malicious extensions, offers a free service to audit and remediate the exposure of organizations – click to register here). While this is not the first attack targeting browser extensions, the…
December 29, 2025Ravi LakshmananEndpoint Protection / Browser Security The new attack campaign targeted popular Chrome browser extensions, leading to the hacking of at least 16 extensions and exposing more than 600,000 users to data exposure and credential theft. The attack targeted browser extension publishers in the Chrome Web Store via a phishing campaign and used their access rights to inject malicious code into legitimate extensions to steal users’ cookies and access tokens. Cybersecurity firm Cyberhaven was the first company exposed. December 27 Cyberhaven opened that the threat actor compromised his browser extension and injected malicious code to communicate with an…
December 28, 2024Ravi LakshmananVulnerability / Threat Intelligence According to new VulnCheck findings, a high-severity flaw affecting select Four-Faith routers is being exploited in the wild. Vulnerability, tracked as CVE-2024-12856 (CVSS Score: 7.2), has been described as an operating system (OS) command implementation bug affecting router models F3x24 and F3x36. The vulnerability is less severe because it only works if a remote attacker can successfully authenticate. However, if the default credentials associated with the routers have not been changed, this may result in unauthenticated OS commands. In the attack detailed by VulnCheck, unknown threat actors were found to use default router…
December 27, 2024Ravi LakshmananCryptocurrency / Cyber Espionage The North Korean threat actors behind the ongoing Contagious Interview campaign have been spotted releasing a new JavaScript malware called OtterCookie. Contagious interview (aka Deceptive development) refers to an ongoing attack campaign that uses social engineering lures, with a hacking team often posing as recruiters to trick potential job seekers into downloading malware under the guise of an interview process. This involves spreading malware programs for video conferencing or Packages npm either hosted on GitHub or in the official package registry, opening the way for malware such as BeaverTail and InvisibleFerret to be…
December 27, 2024Ravi LakshmananCyber attack / data theft A threat actor known as Cloud atlas a previously undocumented malware called VBCloud was seen being used in cyberattack campaigns targeting “several dozen users” in 2024. “Victims are infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malicious code,” Kaspersky researcher Oleg Kupreev said in an analysis published this week. More than 80% of the objects were located in Russia. A smaller number of victims was reported from Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey and Vietnam. Cloud Atlas is also…
December 27, 2024Ravi LakshmananBotnet / DDoS attack Cybersecurity researchers are warning of a surge in malicious activity involving vulnerable D-Link routers in two different botnets, Mirai variant named FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. “These botnets are often propagated through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via the GetDeviceSettings action in the HNAP (Home Network Administration Protocol) interface,” Vincent Lee, researcher at Fortinet FortiGuard Labs. said in Thursday’s analysis. “This HNAP flaw was first discovered nearly a decade ago when numerous devices were affected by various CVE numbers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056and…
December 27, 2024Ravi LakshmananFirewall Security / Vulnerability Palo Alto Networks has disclosed a high-severity vulnerability that affects the PAN-OS software and could cause a Denial of Service (DoS) condition on sensitive devices. The vulnerability, tracked as CVE-2024-3393 (CVSS score: 8.7), affects PAN-OS versions 10.X and 11.X, as well as Prisma Access with PAN-OS versions. It was addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later versions of PAN-OS. “A denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of…