Author: Admin

August 22, 2024Ravi LakshmananEnterprise Software / Vulnerability GitHub has released patches to address a set of three security flaws affecting its Enterprise Server product, including one critical bug that can be exploited to gain site administrator privileges. The most serious of the flaws was assigned a CVE ID of CVE-2024-6800 and a CVSS score of 9.5. “On GitHub Enterprise Server instances that use SAML Single Sign-On (SSO) authentication with specific identities that use publicly signed XML merge metadata, an attacker could forge a SAML response to provide and/or gain access to an administrative user account site,” GitHub said in the…

August 22, 2024Ravi LakshmananWebsite Security / Vulnerability Cybersecurity researchers have discovered a critical security flaw in the LiteSpeed ​​cache a plugin for WordPress that can allow unauthenticated users to gain admin rights. “The plugin suffers from unauthenticated privilege escalation, which allows any unauthenticated visitor to gain administrator-level access, allowing malicious plugins to be downloaded and installed,” Patchstack’s Rafi Muhammad. said in Wednesday’s report. The vulnerability, identified as CVE-2024-28000 (CVSS score: 9.8), was fixed in version 6.4 of the plugin, released on August 13, 2024. It affects all versions of the plugin, including those earlier than 6.3.0.1. LiteSpeed ​​​​Cache is one…

August 22, 2024Ravi LakshmananBrowser Security / Vulnerability Google has released security patches to address a serious security flaw in its Chrome browser that it says is being actively exploited in the wild. Tracked as CVE-2024-7971The vulnerability was described as a type confusion bug in the V8 JavaScript engine and WebAssembly. “Type confusion in Google Chrome V8 prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” the report said. description about the bug in the NIST National Vulnerability Database (NVD). The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) were…

August 22, 2024Ravi LakshmananDatabase Security / Cryptocurrency Cybersecurity researchers have unpacked a new variant of the malware called PG_MEM, designed to mine cryptocurrency after crudely infiltrating PostgreSQL database instances. “Brute force attacks on Postgres involve repeated attempts to guess database credentials until access is granted, using weak passwords,” – Assaf Morag, Aqua Security Researcher said in the technical report. “Once accessed, attackers can use COPY … FROM SQL PROGRAM command to execute arbitrary shell commands on a host, allowing them to perform malicious actions such as stealing data or deploying malware.” The attack chain observed by the cloud security firm…

August 21, 2024Ravi LakshmananCyber ​​espionage / malware A new remote access trojan has been invoked MoonPeak was found to be used by North Korea’s state-sponsored threat cluster as part of a new campaign. Cisco Talos attributes the malicious cyber campaign to a hacking group it is tracking as UAT-5394, which it says shows some level of tactical overlap with a known nation-state actor codenamed Kimsuki. MoonPeak, which is actively being developed by the threat, is an open source variant Xeno RAT malware that was previously deployed as part of phishing attacks that are designed to obtain payloads from actor-controlled cloud…

August 21, 2024Ravi LakshmananSoftware Security / Vulnerability Cybersecurity researchers have discovered a critical security flaw affecting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS Score: 8.5), the vulnerability was described as a disclosure bug that results from server-side request forgery (USSR) attack. “An authenticated attacker could bypass server-side request forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network,” Microsoft. said in a recommendation published on August 6, 2024. The tech giant went on to say that the vulnerability has been fixed and does not require any action from…

August 21, 2024Ravi LakshmananMalware / cryptocurrency Cybersecurity researchers have discovered a new type of macOS malware called TodoSwift that they say shares common features with known malware used by North Korean hacking groups. “This app has some behavior associated with malware we’ve seen originating from North Korea (DPRK) — specifically a threat known as BlueNoroff — such as CANDY CORN and RustBucket”, Kandi security researcher Christopher Lopez said in the analysis. RustBucket, which first appeared in July 2023, refers to an AppleScript-based backdoor capable of receiving next-stage payloads from a Command and Control (C2) server. Late last year, Elastic Security…

August 21, 2024Ravi LakshmananCyber ​​espionage / threat intelligence In an operational security (OPSEC) breach, the operator behind a new information stealer called Styx Stealer leaked data from his own computer, including customer details, earnings information, nicknames, phone numbers and email addresses. Styx Stealer, derived from Thief of phemedroneis capable of stealing browser data, Telegram and Discord instant messaging sessions, and cryptocurrency wallet information, according to an analysis by cybersecurity firm Check Point. It first appeared in April 2024. “Styx Stealer is likely based on the source code of an older version of Phemedrone Stealer, which lacks some features that newer…

It won’t be a big revelation to say that SaaS applications have changed the way we work in both our personal and professional lives. We regularly rely on cloud and remote applications to perform our core functions, so the only true perimeter of our networks is the set of credentials we use to log into these services. Unfortunately, as is often the case, our appetite for improved workflows, collaboration and communication has outpaced our willingness to ensure that these tools and processes were secure before we plugged them into our environment, handing over control of the security of our data. Each of these…

August 21, 2024Ravi LakshmananCyber ​​warfare / threat intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned new phishing attacks aimed at infecting devices with malware. The activity was attributed to the threat cluster it tracks as UAC-0020, which is also known as Paradisi. The exact scale and scope of the attacks are still unknown. The chain of attacks begins with phishing messages containing photos of alleged POW(s) from Kursk Oblast, urging recipients to click on a link that points to a ZIP archive. The ZIP file contains a Microsoft Compiled HTML Help (CHM) file that embeds the JavaScript…
