Author: Admin

November 8, 2024Ravi LakshmananVulnerability / Network Security The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added A critical security flaw affecting Palo Alto Networks’ expedition to its known vulnerabilities is now fixed (KEV) catalog with reference to evidence of active operation. Vulnerability, tracked as CVE-2024-5910 (CVSS Score: 9.3), addresses a case of missing authentication in the Expedition migration tool, which could lead to the hijacking of the administrator account. “Palo Alto Expedition contains a missing authentication vulnerability that could allow an attacker with network access to hijack an Expedition administrator account and potentially gain access to configuration secrets,…

November 7, 2024Ravi LakshmananVulnerability / Cloud Security Cybersecurity researchers discovered a malicious package in the Python Package Index (PyPI) that accumulated thousands of downloads over three years while stealing developers’ Amazon Web Services (AWS) credentials. Package in Review”factory,” which prints a popular Python library known as “fabric” which is for remote execution of shell commands via SSH. While the legitimate package had over 202 million downloads, its malicious counterpart had downloaded over 37,100 times to date. At the time of writing, fabrice is still available for download from PyPI. It was first published in March 2021. The typosquatting package is…

November 7, 2024Ravi LakshmananThreat Intelligence / Cyber ​​Espionage The China-related threats, known as MirrorFace, have been seen targeting a diplomatic organization in the European Union, marking the first time a hacking team has targeted an organization in the region. “During this attack, the threat actor used the upcoming World Expo 2025 in Osaka, Japan as bait,” ESET said in a statement. said in its report on APT activities for the period April to September 2024. “This shows that even with the new geographic focus, MirrorFace remains focused on Japan and related events.” MirrorFace, also tracked as Land of Kashis estimated…

LLM Proactive Defense Against Cyberattacks
An interesting study, “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks”: Large language models (LLMs) are increasingly being used to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defense strategy tailored to counter LLM-driven cyberattacks. We introduce Mantis, a defensive framework that exploits LLMs’ susceptibility to adversarial inputs to undermine malicious operations. Upon detecting an automated cyberattack, Mantis plants carefully crafted inputs into system responses, leading the attacker’s LLM to disrupt its own operations (passive defense) or even compromise the attacker’s machine (active defense).…

November 7, 2024Hacker newsPassword Security / Network Security Protecting your organization’s security is like fortifying a castle – you need to understand where attackers will attack and how they will try to breach your walls. And hackers are always looking for weak points, whether it’s a lax password policy or a forgotten backdoor. To create a stronger defense, you must think like a hacker and anticipate their actions. Read on to learn more about hackers’ password cracking strategies, the vulnerabilities they exploit, and how you can strengthen your defenses to prevent them. Analysis of the worst passwords Commonly used weak…

A threat actor linked to the Democratic People’s Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which codenamed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has previously been linked to malware families such as RustBucket, KANDYKORN, ObjCShellz, RustDoor (aka Thiefbucket), and TodoSwift. The campaign uses emails spreading fake news about cryptocurrency trends to infect targets through a malicious application disguised as a PDF file, researchers Raffaele Sabato, Phil Stokes, and Tom Hegel said in a report shared with The Hacker…

Hacking LLM Coders
Really interesting research, “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection”: Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g.…

An ongoing phishing campaign uses copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer, and has been active since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the US, Europe, East Asia, and South America. “The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and language per targeted entity,” the company said in a technical analysis. “Almost 70% of the impersonated companies are from the entertainment/media and technology/…

Tactics, techniques and procedures (TTPs) form the basis of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN’s Q3 2024 report on malware trends, with real-world examples. Disabling Windows Event Logging (T1562.002): Tampering with Windows Event Logging helps attackers prevent the system from recording critical information about their malicious activities. Without event logs, important details like login attempts, file modifications, and system changes go unrecorded, leaving security solutions and analysts with incomplete or missing data. Windows…

November 7, 2024Ravi LakshmananVulnerability / wireless technology Cisco has released security updates to address a maximum severity security flaw affecting Ultra-Reliable Wireless Backhaul (URWB) access points that could allow unauthenticated remote attackers to execute elevated-privilege commands. Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability was described as resulting from a lack of input validation in the Cisco Unified Industrial Wireless Software web management interface. “An attacker could exploit this vulnerability by sending crafted HTTP requests to the web management interface of an affected system,” Cisco said in an advisory issued Wednesday. “A successful exploit could allow an attacker to execute…
