Author: Admin
January 2, 2025 | Hacker news | Cloud Security / Threat Intelligence
Last year, cross-domain attacks gained notoriety as a new tactic among adversaries. These operations exploit weaknesses in multiple domains, including endpoints, identity systems, and cloud environments, to allow an adversary to penetrate organizations, move laterally, and avoid detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS CHOLLIMA exemplify the use of cross-domain tactics, using advanced techniques to exploit security gaps in interconnected environments. The basis of these attacks is built around the use of legitimate identities. Today’s adversaries no longer “break in”; they “log in”…
Cybersecurity researchers discovered a malicious package in the npm package registry that pretends to be a library for detecting vulnerabilities in Ethereum smart contracts, but actually drops an open-source remote access trojan called Quasar RAT onto developer systems. A heavily obfuscated package called ethereumvulncontracthandler was published to npm on Dec 18, 2024, by a user named “solidit-dev-416”. At the time of writing, it is still available for download. It has been downloaded 66 times to date. “Once installed, it retrieves a malicious script from a remote server, executing it silently to deploy the RAT on Windows systems,” Socket security researcher Kirill Boichenko…
January 1, 2025 | Ravi Lakshmanan | Internet Security / Vulnerability
Threat hunters have disclosed a new “widespread class of time-based vulnerability” that exploits a double-click sequence to facilitate clickjacking attacks and account hijacking on almost all major sites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. “Instead of relying on a single click, it uses a double-click sequence,” Yibelo said. “While this may seem like a small change, it opens the door to new UI manipulation attacks that bypass all known click defenses, including the X-Frame-Options header or SameSite: Lax/Strict cookies.” Clickjacking, also called UI redressing, refers to an attack method…
Iranian and Russian organizations sanctioned for election meddling using artificial intelligence and cyber tactics
January 1, 2025 | Ravi Lakshmanan | Generative AI / Election Interference
The US Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday imposed sanctions on two organizations in Iran and Russia for their efforts to interfere in the November 2024 presidential election. The feds said the organizations – an affiliate of Iran’s Islamic Revolutionary Guard Corps and the Moscow branch of Russia’s General Intelligence Directorate (GRU) – sought to influence the election and divide the American people through targeted disinformation campaigns. “As affiliates of the IRGC and the GRU, these entities aimed to inflame socio-political tensions and influence the American electorate during…
A new rule by the US Department of Justice stops bulk data transfers to rival countries to protect privacy
December 31, 2024 | Ravi Lakshmanan | Data Security / Privacy
The US Department of Justice (DoJ) has issued a final rule implementing Executive Order (EO) 14117, which prevents the bulk transfer of personal data of citizens to countries such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia and Venezuela. “This final rule is an important step forward in combating the extreme threat to national security posed by our adversaries who are exploiting Americans’ most sensitive personal data,” said Assistant Attorney General Matthew G. Olsen of the Department of Justice’s National Security Division. “This powerful new national security program…
December 31, 2025 | Ravi Lakshmanan | Vulnerability / Incident Response
The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to gain remote access to some computers and unclassified documents. “On December 8, 2024, a third-party software services provider, BeyondTrust, notified the Treasury Department that an attacker gained access to a key used by the provider to secure a cloud service used to remotely provide technical support to the Treasury Departmental Office (DO) end-users,” the department said in a letter to the Senate Banking, Housing and Urban Affairs Committee. “By gaining access to the stolen key, the…
A misconfigured Kubernetes RBAC in Azure Airflow can expose the entire cluster to exploitation
Cybersecurity researchers have discovered three vulnerabilities in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could allow an attacker to perform a variety of covert activities, including data theft and malware deployment. “Exploitation of these flaws could allow attackers to gain permanent access as shadow administrators to an entire Airflow Azure Kubernetes Service (AKS) cluster,” Palo Alto Networks Unit 42 said in an analysis published earlier this month. The vulnerabilities, though classified as low severity by Microsoft, are listed below:
- Incorrectly configured Kubernetes RBAC in Airflow cluster
- Incorrect configuration of Azure internal service secret…
December 30, 2025 | Ravi Lakshmanan | Cyber Security / Compliance
The Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS) has proposed new cybersecurity requirements for healthcare organizations to protect patient data from potential cyberattacks. The proposal, which seeks to change the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to strengthen the cybersecurity of critical infrastructure, according to OCR. The rule is intended to strengthen the protection of electronic protected health information (ePHI) by updating the HIPAA Security Rule standards to “better address the ever-increasing cybersecurity threats to the healthcare sector.”…
December 30, 2025 | Hacker news | Browser Security / GenAI Security
News made headlines last weekend of a broad attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, more than 25 extensions with an installed base of more than two million users have been found to be compromised, and customers are currently working to determine their impact (LayerX, one of the companies involved in protection against malicious extensions, offers a free service to audit and remediate the exposure of organizations). While this is not the first attack targeting browser extensions, the…
December 29, 2025 | Ravi Lakshmanan | Endpoint Protection / Browser Security
A new attack campaign targeted popular Chrome browser extensions, leading to the compromise of at least 16 extensions and exposing more than 600,000 users to data exposure and credential theft. The attack targeted browser extension publishers in the Chrome Web Store via a phishing campaign and used their access rights to inject malicious code into legitimate extensions to steal users’ cookies and access tokens. Cybersecurity firm Cyberhaven was the first company exposed. On December 27, Cyberhaven disclosed that the threat actor compromised its browser extension and injected malicious code to communicate with an…