Author: Admin
January 9, 2025 | Ravi Lakshmanan | Endpoint Vulnerability / Security
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity flaw that an authenticated attacker could use to gain access to sensitive data. “Several vulnerabilities in the Palo Alto Networks Expedition migration tool could allow an attacker to read the contents of the Expedition database and arbitrary files, and to create and delete arbitrary files on the Expedition system,” the company said in the advisory. “These files include information such as usernames, plaintext passwords, device configurations, and device API…
As SaaS vendors look to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the AI world: shadow AI. Shadow AI refers to the unauthorized use of AI tools and co-pilots within organizations. Examples include a developer using ChatGPT to help write code, a salesperson downloading an AI-powered meeting transcription tool, or a customer service representative using agentic AI to automate tasks, all without going through the appropriate channels. When these tools are used without IT or security’s knowledge, they often lack security controls, putting company data at risk. Problems with the detection of…
January 9, 2025 | Ravi Lakshmanan
Cybersecurity researchers have discovered a new, more stealthy version of the macOS-targeting malware called The Banshee Kidnapper. “Once thought to be broken after the source code was leaked in late 2024, this new iteration introduces advanced string encryption inspired by Apple’s XProtect,” Check Point Research said in a new analysis shared with The Hacker News. “This development bypasses antivirus systems, posing a significant risk to more than 100 million macOS users worldwide.” The cybersecurity firm said it discovered the new version in late September 2024, when the malware was distributed using phishing websites and fake GitHub…
January 9, 2025 | Hacker News | Data Protection / Encryption
Ransomware isn’t slowing down; it’s getting smarter. Encryption, designed to keep our online lives safe, is now being used by cybercriminals to hide malware, steal data and avoid detection. The result? A 10.3% spike in encrypted attacks over the past year and some of the most shocking ransom payments in history, including a $75 million ransom in 2024. Are you ready to fight back? Join Emily Laufer, director of product marketing at Zscaler, for an introductory session, “Preparing for ransomware and encrypted attacks in 2025”, filled with practical ideas and cutting-edge strategies to outsmart these…
January 9, 2025 | Ravi Lakshmanan | Cyber Security / Malware
Japan’s National Police Agency (NPA) and the National Cyber Security Strategy and Incident Preparedness Center (NCSC) have accused a China-linked threat actor named MirrorFace of orchestrating an ongoing campaign of attacks against organizations, businesses and individuals in the country since 2019. The main goal of the attack campaign is to steal information related to Japan’s national security and advanced technology, the agency said. MirrorFace, also tracked as Earth Kasha, is believed to be a subset of APT10. It has a track record of systematically attacking Japanese organizations, often using tools such as ANEL,…
January 9, 2025 | Ravi Lakshmanan | Vulnerability / Threat Intelligence
Threat actors are attempting to take advantage of a newly discovered security flaw affecting GFI KerioControl firewalls that, if successfully exploited, could allow attackers to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could lead to a cross-site scripting (XSS) flaw. Successful exploitation of the 1-click RCE flaw allows an attacker to inject malicious input into HTTP response headers by inserting carriage return (\r) and line feed (\n) characters. The issue affects KerioControl versions…
January 9, 2025 | Ravi Lakshmanan | Data Privacy / GDPR
The European General Court on Wednesday fined the European Commission, the European Union’s main executive body responsible for proposing and enforcing laws for member states, for breaching the bloc’s own data privacy rules. The event marked the first time the Commission had been prosecuted for breaching the region’s strict data protection laws. The court determined that a “sufficiently serious breach” was committed by transmitting a German citizen’s personal data, including his IP address and web browser metadata, to a Meta server in the United States while visiting the now-defunct website futureu.europa(.)eu in March…
Ivanti warns that a critical security flaw affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways has been actively exploited since mid-December 2024. The security vulnerability being addressed is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow affecting Ivanti Connect Secure before 22.7R2.5, Ivanti Policy Secure before 22.7R1.2, and Ivanti Neurons for ZTA Gateways before 22.7R2.3. “Successful exploitation of CVE-2025-0282 could lead to remote code execution without authentication,” Ivanti said in an advisory. “Threat actor activity was detected by the Integrity Check Tool (ICT) on the same day, allowing Ivanti to respond promptly and quickly develop a fix.” The company also fixed another high-severity…
Cybersecurity researchers have found that attackers continue to find success by spoofing sender email addresses as part of various spam campaigns. Forging the sender address of an email is widely seen as an attempt to make a digital message appear more legitimate and bypass security mechanisms that might otherwise flag it as malicious. While there are safeguards such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC) and Sender Policy Framework (SPF) that can be used to prevent spammers from spoofing well-known domains, these measures increasingly force them to use old, derelict domains in their activities. In doing…
January 8, 2025 | Hacker News | Malware / Windows Security
Cybersecurity researchers have shed light on a new remote access Trojan called NonEuclid that allows attackers to remotely control compromised Windows systems. “Developed in C#, the NonEuclid Remote Access Trojan (RAT) is a highly sophisticated malware offering unauthorized remote access with advanced evasion techniques,” Cyfirma said in a technical analysis published last week. “It uses a variety of mechanisms, including antivirus bypass, privilege escalation, anti-detection, and ransomware encryption to target sensitive files.” NonEuclid has been advertised on underground forums since at least late November 2024, with tutorials and discussions of malware discovered…