Author: Admin

November 12, 2024Ravi LakshmananVirtualization / Vulnerability Cybersecurity researchers have discovered new security flaws affecting Citrix virtual applications and desktops that could be exploited for unauthenticated remote code execution (RCE). Release, according to the findings of observation towerrooted in Art Session recording a component that allows system administrators to capture user activity and record keyboard and mouse input along with a desktop video stream for auditing, compliance, and troubleshooting. Specifically, the vulnerability exploits “a combination of carelessly exposed MSMQ an instance with misconfigured permissions that uses BinaryFormatter can be accessed from any host over HTTP to perform RCE without authentication,” said…

November 12, 2024Ravi LakshmananMalware / Application Security Threat actors associated with the Democratic People’s Republic of Korea (DPRK, aka North Korea) were found to be embedding malware into Flutter apps, marking the first time an adversary has adopted this tactic to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the apps created by Flutter are part of a broader operation that includes malware written in Golang and Python. It is currently unknown how these samples are being distributed to victims, whether they have been used…

Behavioral analytics, long associated with threat detection (such as UEBA or UBA), are experiencing a renaissance. Once primarily used to detect suspicious activity, it is now being used reimagined as a powerful technology after discovery which improves incident response processes. By leveraging behavioral information during alert triage and investigations, SOCs can transform their workflows to become more accurate, efficient and effective. Fortunately, many new cyber security products like AI SOC Analysts are able to incorporate these techniques into their investigative capabilities, enabling the SOC to use them in their response processes. This post will provide a brief overview of behavior…

Criminals are using the FBI’s emergency data requests I’ve been writing about the problem with legitimate access backdoors in encryption for decades: Once you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. It turns out the same it is true for non-technical backdoors: The advisory says cybercriminals have successfully disguised themselves as law enforcement by using hacked police accounts to send emails to companies requesting user data. In some cases, the requests made false threats, such as claims of human trafficking and, in one case, that an individual would be “severely injured…

November 11, 2024Ravi LakshmananMalware poisoning / SEO In an unusually specific campaign, users looking for information about the legality of Bengal cats in Australia are being targeted GootLoader malware. “In this case, we found that GootLoader actors are using search results to obtain information about a specific cat and a specific geography used to deliver the payload: ‘Are Bengal cats legal in Australia?'” Sophos researchers Trang Tang, Hikaru Koike, Asha Castle and Sean Gallagher said in a report released last week. GootLoaderas the name suggests, is a malware downloader that is usually distributed using search engine optimization (SEO) poisoning tactics…

Cybersecurity researchers have identified a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a malware called RustyStealer. “Ymir ransomware presents a unique combination of technical features and tactics that increase its effectiveness,” Russian cybersecurity vendor Kaspersky said. “Threat actors used an unconventional combination of memory management functions – malloc, memmove and memcmp – to execute malicious code directly in memory. This approach deviates from the typical sequential execution seen in widespread types of ransomware, improving its stealth capabilities.” Kaspersky said it discovered the ransomware used in a cyberattack targeting an…

November 11, 2024Ravi LakshmananVulnerability / Risk Reduction Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities affecting Aruba Networking Access Point products, including two critical bugs that could lead to unauthenticated command execution. The vulnerabilities affect access points running Instant AOS-8 and AOS-10 – AOS-10.4.xx: 10.4.1.4 and below Instant AOS-8.12.xx: 8.12.0.2 and below Instant AOS-8.10.xx: 8.10.0.13 and below The most serious of the six recently patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical flaws in the unauthenticated command injection into the service CLI, which can lead to arbitrary code execution. “Command…

Cyber ​​threats are increasing and cyber security has become critical to business operations. As security budgets grow, CEOs and boardrooms demand concrete evidence that cybersecurity initiatives deliver value beyond regulatory compliance. Just as you wouldn’t buy a car without knowing it’s been crash tested, safety systems should also be tested to prove their value. There is a growing shift toward security testing as it allows cyber practitioners to safely deploy real-world exploits in production environments to accurately assess the effectiveness of their security systems and identify critical areas of impact at scale. We sat down with Sean Baird, Associate Director…

November 11, 2024Ravi LakshmananMachine Learning / Vulnerability Cybersecurity researchers have discovered nearly two dozen security flaws in 15 different machine learning (ML) open source projects. These include both server-side and client-side vulnerabilities, software supply chain security firm JFrog said in an analysis published last week. Server-side vulnerabilities “allow attackers to hijack critical servers in an organization, such as ML model registries, ML databases, and ML pipelines.” said. The vulnerabilities identified in Weave, ZenML, Deep Lake, Vanna.AI, and Mage AI have been broken down into broader subcategories that allow remote hijacking of model registries, ML database structures, and hijacking of ML…

Cyber ​​security researchers have discovered a new phishing campaign that distributes a new fileless variant of a known commercial malware called Remcos RAT. The Remcos RAT “provides purchases with a broad set of advanced features for remote control of customer-owned computers,” said Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. “However, threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious activities.” The starting point of the attack is a phishing email that uses purchase order-themed lures to convince recipients to open a Microsoft Excel…