Author: Admin
August 14, 2024 | Ravi Lakshmanan | Malware / Network Security
An ongoing social engineering campaign with alleged ties to the Black Basta ransomware group has been linked to “several attempted intrusions” to steal credentials and deploy malware called SystemBC. “The initial bait used by threat actors remains the same: an email bomb followed by an attempt to call affected users and offer a fake solution,” Rapid7 said, adding that “external calls were typically made to affected users through Microsoft Teams.” The attack chain then convinces the user to download and install a legitimate remote access software called AnyDesk, which acts as a…
August 14, 2024 | Hacker News | Password Security / Cyber Security
Simply relying on traditional password security measures is no longer enough. When it comes to protecting your organization from credential-based attacks, it’s critical to lock down the basics first. Keeping your Active Directory secure is like making sure your front door is locked before investing in a high-end alarm system. Once the basics are covered, look at how integrating external attack surface management (EASM) can significantly increase your password security, offering robust protection against potential cyber threats and hacks. First, secure your Active Directory: IT administrators must not only…
A coalition of law enforcement agencies coordinated by the UK’s National Crime Agency (NCA) has led to the arrest and extradition of a Belarusian and a Ukrainian dual national believed to be linked to Russian-speaking cybercriminal groups. 38-year-old Maksim Silnikov (aka Maksim Silnikov) went by the pseudonyms JP Morgan, xxx and lansky online. He was extradited to the United States from Poland on August 9, 2024 to face charges related to international computer hacking and fraud schemes. “J.P. Morgan and his associates are elite cybercriminals who practice extreme operational and online security to avoid detection by law…
August 14, 2024 | Ravi Lakshmanan | Threat Intelligence / Cyber Attack
The China-backed threat actor known as Baku land has diversified its target footprint beyond the Indo-Pacific to include Europe, the Middle East and Africa starting in late 2022. New countries targeted by the operation include Italy, Germany, the UAE and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media and communications, telecommunications, technology, healthcare and education are some of the sectors singled out as part of a suite of intrusions. “The group has updated its tools, tactics and procedures (TTP) in recent campaigns by using public applications such as…
August 14, 2024 | Ravi Lakshmanan | Vulnerability / Network Security
Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that can be used to bypass authentication and create fake administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. “An incorrect implementation of the authentication algorithm in Ivanti vTM, other than versions 22.2R1 or 22.7R2, allows a remote, unauthenticated attacker to bypass admin panel authentication,” the company said in a statement. This affects the following versions of vTM: 22.2 (fixed in version 22.2R1)…
Monitoring changing DDoS trends is essential for anticipating threats and adapting defensive strategies. The full Gcore Radar report for the first half of 2024 provides detailed information on DDoS attack data, showing changes in attack patterns and the broader cyber threat landscape. Here we share a selection of findings from the full report. Key conclusions: The number of DDoS attacks in the first half of 2024 increased by 46% compared to the same period last year and reached 445 thousand in the second quarter of 2024. Compared to data for the previous six months (the third and fourth quarters of 2023), it increased…
August 14, 2024 | Ravi Lakshmanan | Windows Security / Vulnerabilities
Microsoft on Tuesday released patches to address a total of 90 security flaws, including 10 zero-days, six of which were actively exploited in the wild. Of the 90 bugs, seven were rated Critical, 79 were rated Important, and one was rated Medium. This is in addition to 36 vulnerabilities that the tech giant has resolved in its Edge browser since last month. The Patch Tuesday updates are notable for addressing six actively exploited zero-days: CVE-2024-38189 (CVSS score: 8.8), a Microsoft Project remote code execution vulnerability; CVE-2024-38178 (CVSS score: 7.5), a vulnerability in the…
August 13, 2024 | Ravi Lakshmanan | Healthcare / Vulnerability
Cybersecurity researchers have discovered two security flaws in Microsoft’s Azure Health Bot service that, if exploited, could allow malicious actors to achieve lateral movement in a client environment and gain access to sensitive patient data. The critical issues, now fixed by Microsoft, could have allowed resource access between tenants on the service, Tenable said in a new report shared with The Hacker News. The Azure AI Health Bot service is a cloud platform enabling developers in healthcare organizations to create and deploy AI-powered virtual healthcare assistants and create co-pilots to manage administrative workloads and…
August 13, 2024 | Ravi Lakshmanan | Vulnerability / Hardware Security
A team of researchers from CISPA’s Helmholtz Center for Information Security in Germany discovered an architectural flaw in the XuanTie C910 and C920 RISC-V CPUs of the Chinese company T-Head which could allow attackers to gain unrestricted access to sensitive devices. The vulnerability was codenamed GhostWrite. It has been described as a direct processor bug built into the hardware, as opposed to a side-channel or transient execution attack. “This vulnerability allows an unprivileged attacker, even with limited access, to read and write any part of a computer’s memory and control peripheral devices such as…
August 13, 2024 | Hacker News | Cyber Defense / Compliance
Traditionally, the focus has been on protecting against digital threats, such as malware, ransomware and phishing attacks, by detecting and responding to them. However, cyber threats are becoming more sophisticated. There is growing recognition of the importance of measures to stop new attacks before they are recognized. For valuable assets, it is not good enough to have protection; it is essential to have some confidence in the effectiveness of the protection. With software, this kind of assurance is hard work, and this has led to an additional approach called hardsec. What is Hardsec?…