Author: Admin
November 15, 2024 | Ravi Lakshmanan | Network Security / Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that two more flaws affecting Palo Alto Networks Expedition have been actively exploited in the wild. It has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to apply the required updates by December 5, 2024. The security flaws are listed below:
- CVE-2024-9463 (CVSS score: 9.9) – Palo Alto Networks Expedition OS command injection vulnerability
- CVE-2024-9465 (CVSS score: 9.3) – Palo Alto Networks Expedition SQL injection vulnerability
Successful exploitation of the…
Several threat actors have been found using an attack technique called Sitting Ducks for years to hijack legitimate domains for use in phishing attacks and investment fraud schemes. Infoblox said that in the past three months, nearly 800,000 vulnerable registered domains were identified, of which approximately 9% (70,000) were compromised. “Cybercriminals have used this vector since 2018 to hijack tens of thousands of domain names,” the cybersecurity company said in a report published on The Hacker News. “Affected domains include well-known brands, nonprofits, and government organizations.” However, the attack vector is little known originally documented by…
November 14, 2024 | Ravi Lakshmanan | Artificial Intelligence / Cryptocurrency
Google has discovered that attackers are using techniques such as landing page cloaking to pose as legitimate sites. “Masking is specifically designed to prevent systems and moderation teams from viewing content that violates policy, allowing them to deploy scams directly to users,” Laurie Richardson, vice president and head of trust and security at Google, said. “Landing pages often mimic well-known sites and create a sense of need to manipulate users into purchasing fake or unreal products.” Masking refers to the practice of serving different content to search engines such as Google and users…
November 14, 2024 | The Hacker News | Data Privacy / Compliance
Advertising on TikTok is an obvious choice for any company trying to reach a younger market, especially if it’s a travel company: 44% of Gen Z Americans say they use the platform to plan vacations. But one online travel site targeting young vacationers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured the TikTok pixel on one of its regional sites. An intriguing new case study shows how the cybersecurity company that discovered the problem prevented a data breach from turning into a costly flood. For a complete case…
November 14, 2024 | Ravi Lakshmanan | Cryptojacking / Threat Intelligence
Threat actors have been found using a new technique that abuses macOS extended file attributes to smuggle a new malware called RustyAttr. A Singaporean cybersecurity company has attributed the new activity with moderate confidence to the notorious North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps seen with previous campaigns, including RustBucket. Extended attributes refer to additional metadata associated with files and directories that can be extracted using a special command called xattr. They are often used to store information beyond standard attributes such as file size, timestamps, and permissions.…
November 14, 2024 | Ravi Lakshmanan | Malware / Vulnerability
A recently patched security flaw affecting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor in cyberattacks against Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), is an NTLM hash disclosure spoofing vulnerability that can be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this week. “Minimal user interaction with a malicious file, such as selecting (single-click), inspecting (right-clicking), or performing actions other than opening or executing, could trigger this vulnerability,” Microsoft said in its advisory. Israeli cybersecurity firm ClearSky, which…
November 13, 2024 | Ravi Lakshmanan | Threat Intelligence / Cyber Espionage
A threat entity linked to Hamas has expanded its malicious cyber operations beyond espionage to launch subversive attacks exclusively targeting Israeli organizations. The activity, associated with the group named WIRTE, is also targeting the Palestinian Authority, Jordan, Iraq, Saudi Arabia and Egypt, according to the Check Point analysis. “The (Israel-Hamas) conflict has not disrupted WIRTE’s operations, and they continue to use recent developments in the region in their espionage operations,” the company said in a statement. “In addition to espionage, the threat actor has recently engaged in at least two waves of…
Romanian cybersecurity firm Bitdefender has released a free decryptor to help victims recover data encrypted by the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker’s inner workings, allowing researchers to discover “a specific window of opportunity to recover data immediately after the protectors are removed from BitLocker-encrypted drives.” ShrinkLocker was first documented in May 2024, when Kaspersky discovered that the malware was using Microsoft’s proprietary BitLocker utility to encrypt files as part of ransomware attacks targeting Mexico, Indonesia and Jordan. Bitdefender, which investigated the ShrinkLocker incident targeting an unnamed healthcare company in the Middle East, said…
November 13, 2024 | The Hacker News | Browser Security / SaaS Security
The rise of SaaS and cloud-based work environments has significantly changed the cyber risk landscape. With more than 90% of organizational network traffic passing through browsers and web applications, companies are facing serious new cybersecurity threats. These include phishing attacks, data leaks, and malicious extensions. As a result, the browser also becomes a vulnerability that needs to be protected. LayerX has released a comprehensive guide titled “Start your browser’s security program.” This detailed guide serves as a road map for CISOs and security teams looking to secure their organization’s browser operations; including…
Vulnerabilities in the OvrC platform expose IoT devices to remote attacks and code execution
November 13, 2024 | Ravi Lakshmanan | Cloud Security / Vulnerability
A security analysis of the cloud platform OvrC found 10 vulnerabilities that could be chained to allow potential attackers to remotely execute code on connected devices. “Attackers who successfully exploit these vulnerabilities could gain access, control, and compromise OvrC-enabled devices; some of which include smart power supplies, cameras, routers, home automation systems, and more,” Uri Katz, researcher at Claroty, said in the technical report. Snap One’s OvrC, pronounced “oversee,” is touted as a “revolutionary support platform” that allows homeowners and businesses to remotely manage, configure, and troubleshoot IoT devices on their network. According to…