Author: Admin
August 21, 2024 | Ravi Lakshmanan | WordPress / Cyber Security
A maximum-severity security flaw has been discovered in the GiveWP donation and fundraising WordPress plugin that exposes more than 100,000 websites to remote code execution attacks. Tracked as CVE-2024-5932 (CVSS score: 10.0), the bug affects all versions of the plugin up to version 3.14.2, which was released on August 7, 2024. A security researcher with the alias villu164 has been credited with discovering and reporting the issue. The plugin is “vulnerable to PHP Object Injection in all versions up to and including 3.14.1 via deserialization of untrusted input from the ‘give_title’ parameter,”…
August 20, 2024 | Ravi Lakshmanan | Mobile Security / Bank Fraud
Mobile users in the Czech Republic are being targeted by a new phishing campaign that uses a progressive web application (PWA) in an attempt to steal their bank account credentials. According to the Slovak cyber security company ESET, the attacks targeted the Czech Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and the Georgian TBC Bank. “Phishing websites targeting iOS instruct victims to add a Progressive Web Application (PWA) to their home screens, while on Android PWAs are installed after validating custom browser pop-ups,” security researcher…
August 20, 2024 | Hacker News | Cyber Security / Cloud Security
As cloud infrastructure becomes the backbone of today’s businesses, securing these environments is of paramount importance. With AWS (Amazon Web Services) still the dominant cloud, it’s important for any security professional to know where to look for signs of a breach. AWS CloudTrail stands out as a critical tool for tracking and logging API activity, providing a complete record of activities performed in an AWS account. Think of AWS CloudTrail as an audit or event log for all API calls made in your AWS account. For security professionals, monitoring these logs is…
Since late July 2024, Iranian state-sponsored threat actors have been seen running phishing campaigns targeting a prominent Jewish figure to deliver a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint tracks the activity as TA453, which overlaps with activity tracked by the broader cybersecurity community under the aliases APT42 (Mandiant), Charming Kitten (CrowdStrike), Damselfly (Symantec), Mint Sandstorm (Microsoft), and Yellow Garuda (PwC). “The initial interaction was trying to entice the subject to engage with the benign email to build conversation and trust, and then click on the next malicious link,” security researchers Joshua Miller, Georgi Mladenov, Andrew Northern and Greg…
August 20, 2024 | Ravi Lakshmanan | Vulnerability / Container Security
Cybersecurity researchers have discovered a security flaw affecting Microsoft’s Azure Kubernetes Services that, if successfully exploited, could allow an attacker to elevate privileges and gain access to credentials for services used by the cluster. “An attacker executing a command in a Pod running on a compromised Azure Kubernetes Services cluster can download the configuration used to secure a cluster node, obtain transport layer (TLS) download tokens, and perform a TLS download attack to read all secrets inside the cluster,” Google-owned Mandiant said. Clusters using “Azure CNI” for “Network Configuration” and “Azure” for…
August 20, 2024 | Ravi Lakshmanan | Vulnerability / Threat Intelligence
A previously undocumented backdoor called Msupedge was used in a cyber attack targeting an unnamed university in Taiwan. “The most notable feature of this backdoor is that it communicates with the command and control (C&C) server through DNS traffic,” the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. The origin of the backdoor is currently unknown, as are the targets of the attack. The initial access vector that likely facilitated the deployment of Msupedge is said to involve exploiting a recently disclosed critical flaw affecting PHP…
August 20, 2024 | Ravi Lakshmanan | Vulnerability / Ransomware
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog after its use in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that can lead to code execution. “The Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that could allow an attacker to restrict read access to certain files, which could lead to code execution,” CISA said in a statement. It was first disclosed by Sonar security researchers in January 2024 and addressed in…
August 20, 2024 | Ravi Lakshmanan | Enterprise Security / Data Breach
Cybersecurity researchers are warning of the discovery of thousands of third-party Oracle NetSuite e-commerce sites that have been found to be vulnerable to leaking sensitive customer information. “A potential issue in the NetSuite SuiteCommerce platform could allow attackers to gain access to sensitive data due to misconfiguration of access controls for custom record types (CRTs),” Aaron Costello of AppOmni said. It should be emphasized here that the problem is not a lack of security in the NetSuite product, but a misconfiguration of the client that can lead to the leakage of sensitive…
August 20, 2024 | Ravi Lakshmanan | Malware / Cyber Espionage
Cyber security researchers have shed light on a threat known as Blind Eagle, which has persistently targeted organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. The targets of these attacks span multiple sectors, including government agencies, financial companies, and energy and oil and gas companies. “Blind Eagle has demonstrated adaptability in shaping the targets of its cyberattacks and the versatility to switch between purely financially motivated attacks and espionage operations,” Kaspersky said in Monday’s report. Also referred to as APT-C-36, Blind Eagle appears believed since at…
August 19, 2024 | Ravi Lakshmanan | Harmful Advertising / Cybercrime
Cybersecurity researchers have discovered a spike in malware infections as a result of malicious ad campaigns that distribute a downloader called FakeBat. “These attacks are opportunistic and target users looking for popular business software,” the Mandiant Managed Defense team said in a technical report. “The infection uses an MSIX installer trojan that executes a PowerShell script to download an additional payload.” FakeBat, which is also called EugenLoader and PaykLoader, is associated with a threat actor named Eugenfest. The Google-owned threat intelligence team is tracking the malware as NUMOZYLOD and has attributed the Malware-as-a-Service (MaaS) operation…