Author: Admin
November 15, 2024 | Ravi Lakshmanan | Malware / Credential Theft
A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and educational organizations in Europe and Asia with a new Python-based malware called PXA Stealer. Cisco Talos researchers Joey Chen, Alex Karkins, and Chetan Raghuprasad said the malware “targets victims’ sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and game software data.” “PXA Stealer has the ability to decrypt the victim’s browser master password and use it to steal saved credentials of various online accounts,” they said. The link to Vietnam…
In recent years, artificial intelligence (AI) has started a revolution in identity access management (IAM), changing the approach to cybersecurity in this important area. Using AI in IAM means applying its analytical capabilities to monitor access patterns and detect anomalies that may indicate a potential security breach. The focus has expanded beyond simple human identity management: autonomous systems, APIs, and connected devices now also fall within the realm of AI-powered IAM, creating a dynamic security ecosystem that adapts and evolves in response to complex cyber threats. The role of artificial intelligence and machine learning in IAM: Artificial intelligence…
November 15, 2024 | Ravi Lakshmanan | Vulnerability / Database Security
Cybersecurity researchers have discovered a serious security flaw in the open-source PostgreSQL database system that could allow unprivileged users to modify environment variables and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, has a CVSS score of 8.8. Environment variables are user-defined values that can allow a program to dynamically retrieve various kinds of information, such as access keys and software installation paths, at runtime without having to hardcode them. In some operating systems, they are initialized at startup. “Improper handling of environment variables in PostgreSQL PL/Perl allows an unprivileged…
Ilya Lichtenstein, who pleaded guilty, was sentenced to five years in prison for hacking the Bitfinex cryptocurrency exchange in 2016, the US Department of Justice announced on Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange. Heather Rhiannon Morgan, his wife, also pleaded guilty to the same offenses last year. They were both arrested in February 2022. Morgan is scheduled to be sentenced on November 18. “The 35-year-old Lichtenstein hacked the Bitfinex network in 2016…
November 15, 2024 | Ravi Lakshmanan | Network Security / Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that two more flaws affecting Palo Alto Networks Expedition have been actively exploited in the wild. The agency has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to apply the required updates by December 5, 2024. The security flaws are listed below: CVE-2024-9463 (CVSS score: 9.9), an OS command injection vulnerability in Palo Alto Networks Expedition; and CVE-2024-9465 (CVSS score: 9.3), an SQL injection vulnerability in Palo Alto Networks Expedition. Successful exploitation of the…
Several threat actors have been found to use an attack method named Sitting Ducks to hijack legitimate domains for use in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said that in the past three months, nearly 800,000 vulnerable registered domains were identified, of which approximately 9% (70,000) were compromised. “Cybercriminals have used this vector since 2018 to hijack tens of thousands of domain names,” the cybersecurity company said in a report published on The Hacker News. “Affected domains include well-known brands, nonprofits, and government organizations.” However, the attack vector is little known; it was originally documented by…
November 14, 2024 | Ravi Lakshmanan | Artificial Intelligence / Cryptocurrency
Google has discovered that attackers are using techniques such as landing page cloaking to impersonate legitimate sites. “Masking is specifically designed to prevent systems and moderation teams from viewing content that violates policy, allowing them to deploy scams directly to users,” Laurie Richardson, vice president and head of trust and security at Google, said. “Landing pages often mimic well-known sites and create a sense of need to manipulate users into purchasing fake or unreal products.” Cloaking, or masking, refers to the practice of providing different content to search engines such as Google and to users…
November 14, 2024 | Hacker News | Data Privacy / Compliance
Advertising on TikTok is an obvious choice for any company trying to reach a younger market, especially if it’s a travel company: 44% of Gen Z Americans say they use the platform to plan vacations. But one online travel site targeting young vacationers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured the TikTok pixel on one of its regional sites. An intriguing new case study shows how the cybersecurity company that discovered the problem prevented a data breach from turning into a costly flood. For a complete case…
November 14, 2024 | Ravi Lakshmanan | Cryptojacking / Threat Intelligence
Threat actors have been found to be using a new technique that abuses macOS extended file attributes to smuggle a new malware called RustyAttr. A Singaporean cybersecurity company has attributed the new activity with moderate confidence to the notorious North Korea-linked Lazarus Group, citing infrastructural and tactical overlaps seen with previous campaigns, including RustBucket. Extended attributes refer to additional metadata associated with files and directories that can be extracted using a special command called xattr. They are often used to store information beyond standard attributes such as file size, timestamps, and permissions.…
November 14, 2024 | Ravi Lakshmanan | Malware / Vulnerability
A recently patched security flaw affecting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor in cyberattacks against Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), is an NTLM hash disclosure spoofing vulnerability that can be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this week. “Minimal user interaction with a malicious file, such as selecting (single-click), inspecting (right-clicking), or performing actions other than opening or executing, could trigger this vulnerability,” Microsoft said in its advisory. Israeli cybersecurity firm ClearSky, which…