Author: Admin

November 8, 2024Hacker newsCyber ​​Resilience / Compliance We’ve all heard it a million times: the growing demand for robust cybersecurity in the face of growing cyber threats is undeniable. Around the world, small and medium-sized businesses (SMBs) are increasingly being targeted by cyberattacks, but they often lack the resources for dedicated chief information security officers (CISOs). This gap is fueling the growth of the virtual CISO (vCISO) model, which offers a cost-effective solution and gives SMBs access to strategic security leadership. For MSPs and MSSPs, this shift represents both a challenge and an opportunity. More than 94% of service providers…

November 8, 2024Ravi LakshmananIoT Security / Vulnerability The threat actors behind the AndroxGh0st malware are now exploiting a wider set of security flaws affecting various Internet applications, as well as deploying the Mozi botnet malware. “This botnet uses remote code execution and credential theft techniques to maintain constant access, using unpatched vulnerabilities to infiltrate critical infrastructures.” – CloudSEK said in a new report. AndroxGh0st is the name given to a Python-based cloud attack tool known for targeting Laravel applications in order to obtain sensitive data from services such as Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least…

November 8, 2024Ravi LakshmananOpen source / malware The new campaign targeted an npm package repository with malicious JavaScript libraries designed to infect Roblox users with open source malware such as Indebtedness and Blank-grabber. “This incident highlights the alarming ease with which threat actors can attack supply chains by exploiting trust and human error in the open source ecosystem and using readily available malware, public platforms such as GitHub to host malicious executables, and communication channels such as Discord and Telegram for C2 operations to bypass traditional security measures.” — Socket security researcher Kirill Boichenko said in a report shared with…

November 8, 2024Ravi LakshmananCyber ​​espionage / threat intelligence High-profile organizations in India have been targeted by malicious campaigns organized by Pakistan Transparent tribe threat actor and previously unknown cyber espionage group with China Nexus called IcePeony. The intrusions linked to Transparent Tribe include the use of malware called ElizaRAT and a new stealth payload called ApoloStealer on specific victims of interest, Check Point said in a white paper published this week. “The ElizaRAT samples point to the systematic abuse of cloud services, including Telegram, Google Drive and Slack, to facilitate command-and-control communication,” the Israeli company said. said. ElizaRAT is a…

The AI industry is trying to undermine the definition of “open source AI”

The Open Source Initiative has published (article in the news here) their definition of “open source AI,” and it’s terrible. It enables secret training data and mechanisms. This allows development to be done in secret. Since for a neural network the training data is the source code (it is how the model is programmed), the definition doesn’t make sense. And it’s confusing; most open source AI models, such as LLAMA, are open source in name only. But OSI appears to have been co-opted by industry players who…

November 8, 2024Hacker newsCyber ​​Security Awareness / Webinar Let’s face it: traditional security training can be just as exciting as reading the fine print on software updates. It’s routine, predictable, and, let’s be honest, often forgotten about once it’s over. Now imagine cyber security training as memorable as your favorite show. Remember how “Hamilton” brought history to life, or how “The Office” taught us CPR (stay alive, anyone?)? That’s the transformative power of storytelling—and that’s exactly what Huntress Managed Security Awareness Training (SAT) brings to cybersecurity. Why storytelling is the secret weapon in safety education: The human brain is made…

November 8, 2024Ravi LakshmananMalware / Virtualization Cybersecurity researchers have identified a new malware campaign that infects Windows systems with a virtual instance of Linux that contains a backdoor capable of establishing remote access to compromised hosts. An “intriguing” campaign under a code name CROWN#TRAPstarts with a malicious Windows Shortcut (LNK) file, which is likely distributed as a ZIP archive via a phishing email. “What makes the CRON#TRAP campaign of particular concern is that the emulated Linux instance comes with a preconfigured backdoor that automatically connects to the attacker’s command and control (C2) server,” Securonix researchers Dan Yuzwick and Tim Peck…

November 8, 2024Ravi LakshmananVulnerability / Network Security The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added A critical security flaw affecting Palo Alto Networks’ expedition to its known vulnerabilities is now fixed (KEV) catalog with reference to evidence of active operation. Vulnerability, tracked as CVE-2024-5910 (CVSS Score: 9.3), addresses a case of missing authentication in the Expedition migration tool, which could lead to the hijacking of the administrator account. “Palo Alto Expedition contains a missing authentication vulnerability that could allow an attacker with network access to hijack an Expedition administrator account and potentially gain access to configuration secrets,…

November 7, 2024Ravi LakshmananVulnerability / Cloud Security Cybersecurity researchers discovered a malicious package in the Python Package Index (PyPI) that accumulated thousands of downloads over three years while stealing developers’ Amazon Web Services (AWS) credentials. Package in Review”factory,” which prints a popular Python library known as “fabric” which is for remote execution of shell commands via SSH. While the legitimate package had over 202 million downloads, its malicious counterpart had downloaded over 37,100 times to date. At the time of writing, fabrice is still available for download from PyPI. It was first published in March 2021. The typosquatting package is…

November 7, 2024Ravi LakshmananThreat Intelligence / Cyber ​​Espionage The China-related threats, known as MirrorFace, have been seen targeting a diplomatic organization in the European Union, marking the first time a hacking team has targeted an organization in the region. “During this attack, the threat actor used the upcoming World Expo 2025 in Osaka, Japan as bait,” ESET said in a statement. said in its report on APT activities for the period April to September 2024. “This shows that even with the new geographic focus, MirrorFace remains focused on Japan and related events.” MirrorFace, also tracked as Land of Kashis estimated…