Author: Admin
August 8, 2024 | Hacker news | Cyber threat management
Over the past few years, more than a few new categories of security solutions have emerged in hopes of stemming the never-ending tide of risks. One of these categories is Automated Security Validation (ASV), which provides an attacker's perspective on exposure and empowers security teams to continuously test exposure, security measures, and remediation at scale. ASV is a critical element of any cybersecurity strategy: by providing a clearer picture of potential vulnerabilities and impacts within an organization, it lets security teams identify weaknesses before they can be exploited. However, relying on ASV alone can…
August 8, 2024 | Ravi Lakshmanan | Windows Security / Vulnerabilities
Microsoft said it is developing security updates to address two vulnerabilities that it says could be used to stage downgrade attacks against the Windows Update architecture and replace current versions of Windows files with older versions. The vulnerabilities are listed below:
CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21302 (CVSS score: 6.7) – Windows Secure Kernel Mode Elevation of Privilege Vulnerability
The discovery and reporting of the flaws is credited to SafeBreach Labs researcher Alon Leviev, who presented the findings at Black Hat USA 2024 and DEF CON 32. CVE-2024-38202, which…
Exclusive insights into the next era of artificial intelligence and the latest training at SANS Network Security 2024
August 8, 2024 | Hacker news | Artificial Intelligence / Network Security
An exciting experience this September in Las Vegas! In an era of constant cyber security threats and rapid technological progress, staying ahead of the curve is not just a necessity, it’s very important. The SANS Institute, the world’s leading authority on cyber security training, is pleased to announce Network Security 2024, a landmark event designed to provide cybersecurity professionals with groundbreaking skills, knowledge and insights. Taking place September 4-9, 2024 at Caesars Palace in Las Vegas and online, the event promises to be an unparalleled learning experience and networking opportunity, ensuring accessibility for…
August 8, 2024 | Ravi Lakshmanan | Vulnerability / Network Security
A critical security flaw affecting Progress Software’s WhatsUp Gold is seeing active exploitation attempts, making it important for users to quickly deploy the latest version. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug affecting versions of the network monitoring application released prior to 2023.1.3. “WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows you to execute commands with iisapppool\nmconsole privileges,” the company said in an advisory published at the end of June 2024. According to security researcher Sina Kheirkhah of the Summoning Team, the flaw lives in the implementation of…
August 8, 2024 | Ravi Lakshmanan | Critical Infrastructure / Malware
To date, the ransomware known as BlackSuit has demanded up to $500 million in ransoms, with one ransom demand reaching $60 million. This is stated in an updated advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). “BlackSuit actors have demonstrated a willingness to negotiate payment amounts,” the agencies said. “Ransom amounts are not part of the initial ransom message, but require direct interaction with the threat actor via the .onion URL (accessible via the Tor browser) provided after encryption.” Ransomware attacks have…
August 7, 2024 | Ravi Lakshmanan | Email Security / Vulnerability
Cybersecurity researchers have revealed details of a security flaw in the Roundcube webmail software that can be used to execute malicious JavaScript in a victim’s web browser and steal sensitive account information under certain circumstances. “When a victim views a malicious Roundcube email sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s browser,” cybersecurity firm Sonar said in an analysis published this week. “Attackers could exploit the vulnerability to steal a victim’s email, contacts, and email password, and send emails from the victim’s account.” Following a responsible disclosure on…
August 7, 2024 | Ravi Lakshmanan | Linux / Vulnerability
Cybersecurity researchers have shed light on a new Linux kernel exploitation technique called SLUBStick, which can be used to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. “Firstly, it uses a timing side channel of the allocator to perform a cross-cache attack reliably,” a group of scientists from the Graz University of Technology said (PDF). “Specifically, using side-channel leaks increases the success rate to 99% for commonly used shared caches.” Memory safety vulnerabilities affecting the Linux kernel have limited capabilities and are much more difficult to exploit…
August 7, 2024 | Ravi Lakshmanan | Cyber Security / Incident Response
Cyber security company CrowdStrike has published a root cause analysis detailing the Falcon Sensor software update failure that crippled millions of Windows devices worldwide. The “Channel File 291” incident, as originally outlined in its previous post-incident review (PIR), was traced to a content inspection issue that arose after it introduced a new type of template to provide visibility into and detect new attack techniques that abuse named pipes and other Windows inter-process communication (IPC) mechanisms. Specifically, it related to problematic cloud-deployed content updates, with the company describing it as a “confluence” of several issues that led to the…
August 7, 2024 | Ravi Lakshmanan | Cloud Security / Cyber Espionage
An unnamed media organization in South Asia was targeted in November 2023 using a previously undocumented Go-based backdoor called GoGra. “GoGra is written in Go and uses the Microsoft Graph API to interact with the command-and-control (C&C) server hosted by Microsoft Mail Services,” Symantec, part of Broadcom, said in a report shared with The Hacker News. It is currently unclear how it is delivered to target environments. GoGra is specifically configured to read messages on behalf of the Outlook user “FNU LNU” whose subject line begins with the word “Input”. The…
August 7, 2024 | Ravi Lakshmanan | Android / Mobile Security
Cyber security researchers have discovered a new technique adopted by the threat actors behind Chameleon, an Android banking trojan, targeting users in Canada under the guise of a customer relationship management (CRM) program. “Chameleon has been spotted posing as a CRM application targeting an internationally operating Canadian restaurant chain,” Dutch security company ThreatFabric said in a technical report published on Monday. The campaign, spotted in July 2024, targeted customers in Canada and Europe, indicating an expansion of its victim footprint from Australia, Italy, Poland and the UK. The use of CRM-related themes for malware-laden…