Author: Admin

December 4, 2024Ravi LakshmananAn attack on the supply chain Cybersecurity researchers warn of attack on software supply chains targeting popular @solana/web3.js npm library, which included the promotion of two malicious versions capable of harvesting users’ private keys in order to drain their cryptocurrency wallets. The attack was discovered in versions 1.95.6 and 1.95.7. Both of these versions are no longer available for download from the npm registry. The package is widely used, attracting more than 400,000 downloads every week. “These compromised versions contain embedded malware that is designed to steal private keys from unsuspecting developers and users, potentially allowing attackers…

December 4, 2024Ravi LakshmananEmail Security / Malware Cybersecurity researchers have turned their attention to a new phishing campaign that uses corrupted Microsoft Office documents and ZIP archives as a way to bypass email protection. “Ongoing attack evades antivirus software, prevents sandboxing and bypasses Outlook’s spam filters, allowing malicious emails to reach your inbox”, ANY.RUN said in a series of posts on X. Malicious activity involves sending emails containing ZIP archives or Office attachments that are intentionally corrupted in a way that cannot be scanned by security tools. These messages are designed to trick users into opening attachments with false promises…

December 4, 2024Ravi LakshmananSoftware Vulnerability / Security A critical security vulnerability has been discovered in SailPoint Identity IQ identity and access management (IAM) software that allows unauthorized access to content stored in an application directory. Drawback tracked as CVE-2024-10905has a CVSS score of 10.0, indicating maximum severity. This affects IdentityIQ version 8.2. 8.3, 8.4 and other previous versions. IdentityIQ “allows HTTP access to static content in the IdentityIQ application directory that must be secured,” according to description flaw in NIST’s National Vulnerability Database (NVD). The vulnerability was described as an instance of incorrect handling of file names that identify virtual…

December 4, 2024Ravi Lakshmanan A joint advisory issued by Australia, Canada, New Zealand and the United States warns of a widespread cyberespionage campaign by threat actors linked to the People’s Republic of China (PRC) targeting telecommunications providers. “Identified exploits or breaches associated with the activities of these threat actors coincide with existing vulnerabilities associated with the victims’ infrastructure; no new actions were observed”, – state institutions said. US officials told Tuesday that threat actors are still lurking in U.S. telecommunications networks nearly six months after an investigation into the intrusions began. The attacks were attributed to a group of nation-states…

December 4, 2024Ravi LakshmananVulnerability / Ransomware Veeam has released security updates to address a critical flaw affecting the Service Provider Console (VSPC) that could open the way for remote code execution on sensitive instances. The vulnerability, tracked as CVE-2024-42448, has a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was discovered during internal testing. “From the VSPC Management Agent machine, provided the Management Agent is authorized on the server, remote code execution (RCE) can be performed on the VSPC server machine”, Veeam said in the advisory. Another flaw fixed by Veeam is…

December 3, 2024Ravi LakshmananVulnerability / Network Security On Monday, Cisco updated its advisory to warn customers about the active exploitation of a decade-old security flaw affecting the Adaptive Security Appliance (ASA). Vulnerability, tracked as CVE-2014-2120 (CVSS Score: 4.3) concerns an instance of insufficient input validation on the WebVPN ASA login page that could have allowed an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against the target user of the device. “An attacker could exploit this vulnerability by convincing a user to access a malicious link,” Cisco noted in a warning issued in March 2014. As of December…

December 3, 2024Ravi LakshmananEndpoint Security / Vulnerability Cybersecurity researchers have discovered a number of flaws affecting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could potentially be used for remote code execution on Windows and macOS systems. “By targeting VPN clients’ implicit trust in servers, attackers can manipulate client behavior, execute arbitrary commands, and gain high levels of access with minimal effort.” — AmberWolf. said in the analysis. In a hypothetical attack scenario, this comes in the form of a fake VPN server that can trick customers into downloading malicious updates, which can cause unintended consequences. The…

December 3, 2024Ravi LakshmananThreat Intelligence / Email Security The North Korean threat actor known as Kimsuki has been linked to a series of phishing attacks that involve sending emails originating from Russian sender addresses to ultimately carry out credential theft. “Until early September, phishing emails were sent mainly through email services in Japan and Korea,” South Korean cybersecurity company Genians said. “Then, starting in mid-September, some phishing emails disguised as if they were sent from Russia were seen.” This entails the abuse of the VK Mail.ru e-mail service, which supports five different alias domains, including mail.ru, internet.ru, bk.ru, inbox.ru and…

December 2, 2024Ravi LakshmananMalware / cryptocurrency Taiwanese manufacturing, healthcare and information technology businesses have been targeted by a new SmokeLoader malware distribution campaign. “SmokeLoader is well known for its versatility and advanced evasion techniques, and its modular design allows for a wide range of attacks” – Fortinet FortiGuard Labs said in a report shared with The Hacker News. “While SmokeLoader mainly serves as a loader to deliver other malware, in this case it is carrying out the attack itself by loading plugins from its (command and control) server.” SmokeLoaderfirst touted on cybercrime forums in 2011, the malware downloader is primarily…

December 3, 2024Ravi LakshmananMalware / phishing attack A newly discovered malware campaign was found to be targeting private users, retailers and businesses serving primarily in Russia to deliver NetSupport RAT and BurnsRAT. Company, dubbing Horns and hooves from Kaspersky, from the beginning of March 2023. more than 1,000 people were injured. The ultimate goal of these attacks is to use the access provided by these Trojans to install malicious hijackers such as Rhadomantis and Medusa. “In recent months, there has been a surge in mailings with similar email attachments in the form of a ZIP archive containing JScript scripts,” security…
