Author: Admin
December 28, 2024Ravi LakshmananVulnerability / Threat Intelligence According to new VulnCheck findings, a high-severity flaw affecting select Four-Faith routers is being exploited in the wild. Vulnerability, tracked as CVE-2024-12856 (CVSS Score: 7.2), has been described as an operating system (OS) command implementation bug affecting router models F3x24 and F3x36. The vulnerability is less severe because it only works if a remote attacker can successfully authenticate. However, if the default credentials associated with the routers have not been changed, this may result in unauthenticated OS commands. In the attack detailed by VulnCheck, unknown threat actors were found to use default router…
December 27, 2024Ravi LakshmananCryptocurrency / Cyber Espionage The North Korean threat actors behind the ongoing Contagious Interview campaign have been spotted releasing a new JavaScript malware called OtterCookie. Contagious interview (aka Deceptive development) refers to an ongoing attack campaign that uses social engineering lures, with a hacking team often posing as recruiters to trick potential job seekers into downloading malware under the guise of an interview process. This involves spreading malware programs for video conferencing or Packages npm either hosted on GitHub or in the official package registry, opening the way for malware such as BeaverTail and InvisibleFerret to be…
December 27, 2024Ravi LakshmananCyber attack / data theft A threat actor known as Cloud atlas a previously undocumented malware called VBCloud was seen being used in cyberattack campaigns targeting “several dozen users” in 2024. “Victims are infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malicious code,” Kaspersky researcher Oleg Kupreev said in an analysis published this week. More than 80% of the objects were located in Russia. A smaller number of victims was reported from Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey and Vietnam. Cloud Atlas is also…
December 27, 2024Ravi LakshmananBotnet / DDoS attack Cybersecurity researchers are warning of a surge in malicious activity involving vulnerable D-Link routers in two different botnets, Mirai variant named FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. “These botnets are often propagated through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via the GetDeviceSettings action in the HNAP (Home Network Administration Protocol) interface,” Vincent Lee, researcher at Fortinet FortiGuard Labs. said in Thursday’s analysis. “This HNAP flaw was first discovered nearly a decade ago when numerous devices were affected by various CVE numbers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056and…
December 27, 2024Ravi LakshmananFirewall Security / Vulnerability Palo Alto Networks has disclosed a high-severity vulnerability that affects the PAN-OS software and could cause a Denial of Service (DoS) condition on sensitive devices. The vulnerability, tracked as CVE-2024-3393 (CVSS score: 8.7), affects PAN-OS versions 10.X and 11.X, as well as Prisma Access with PAN-OS versions. It was addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later versions of PAN-OS. “A denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of…
December 27, 2024Ravi LakshmananSoftware Vulnerability / Security The Apache Software Foundation (ASF) has released patches to address a maximum-level vulnerability in the MINA A Java network application framework that can lead to remote code execution under certain conditions. Tracked as CVE-2024-52046the vulnerability has a CVSS score of 10.0. This affects versions 2.0.X, 2.1.X, and 2.2.X. “The ObjectSerializationDecoder in Apache MINA uses Java’s own deserialization protocol to handle incoming serialized data, but it lacks the necessary security checks and safeguards,” project staff said in a recommendation published on December 25, 2024. “This vulnerability allows attackers to exploit the deserialization process by…
December 26, 2024Ravi LakshmananCybercrime / Ransomware A Brazilian national has been indicted in the United States for allegedly threatening to release data stolen in a March 2020 hack of a company’s network. Junior Barros de OliveiraA 29-year-old man from Curitiba, Brazil, was charged with four counts of extortion threats related to information obtained from protected computers and four counts of threatening communications, US Department of Justice (DoJ) said in an unsealed indictment earlier this week. The computers of the named victim, a Brazilian subsidiary of a New Jersey company, were hacked by the defendant, who then used the access to…
December 25, 2024Ravi LakshmananSecurity / Server Vulnerability The Apache Software Foundation (ASF) has provided security updates to address a critical security flaw in the Traffic Management System that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in a database. SQL injection vulnerability, tracked as CVE-2024-45387rated 9.9 out of 10.0 on the CVSS rating system. “Traffic Ops SQL Injection Vulnerability in Apache Traffic Control = 8.0.0 allows a privileged user with the “admin”, “federation”, “operations”, “portal” or “management” roles to execute arbitrary SQL against the database by sending a specially crafted PUT request,” project…
December 25, 2024Ravi LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in a cloud management platform developed by Ruijie Networks that could allow an attacker to take control of network devices. “These vulnerabilities affect both the Reyee platform and Reyee OS networking devices,” Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. “These vulnerabilities, if exploited, could allow an attacker to execute code on any cloud device, giving them the ability to control tens of thousands of devices.” An operational technology (OT) security company that conducted in-depth research into an Internet of Things (IoT)…
December 25, 2024Ravi LakshmananCyber attack / malware An Iranian nation-state hacking group known as Charming Kitten has been spotted deploying a C++ variant of a well-known malware called BellaCiao. The Russian cyber security company Kaspersky announced the new version BellaCPPsaid it discovered the artifact as part of a “recent” investigation into a hacked machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first documented by Romanian cybersecurity firm Bitdefender in April 2023, describing it as a custom dropper capable of delivering additional payloads. The malware was deployed by a hacker group for cyber attacks targeting the…