Author: Admin
August 28, 2024 | Ravi Lakshmanan | Phishing attack / Data breach
Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that uses Microsoft’s Sway infrastructure to host fake pages, once again highlighting the misuse of legitimate cloud offerings for malicious purposes. “By using legitimate cloud applications, attackers build trust with victims, helping them trust the content they serve,” Netskope Threat Labs researcher Ian Michael Alcantara said. “Also, the victim is using their Microsoft 365 account that they are already signed in to when they open the Sway page, which can also help convince them of its legitimacy. Sway…
August 28, 2024 | Ravi Lakshmanan | Software Security / Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-38856, has a CVSS score of 9.8, indicating critical severity. “Apache OFBiz contains an incorrect authorization vulnerability that could allow an unauthenticated attacker to execute remote code via a Groovy payload in the context of an OFBiz user process,” CISA said. Details of the vulnerability first came to light…
August 28, 2024 | Ravi Lakshmanan | WordPress Security / Site Protection
A critical security flaw was discovered in the WPML multilingual WordPress plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), affects all versions of the plugin before 4.6.13, which was released on August 20, 2024. The issue, which occurs due to the lack of input validation and sanitization, allows authenticated attackers with Contributor access and above to execute code on the server. WPML is a popular plugin used to create multilingual WordPress sites. It has over a million active installs.…
August 27, 2024 | Ravi Lakshmanan | Cyber espionage / Malware
Users of Chinese instant messaging apps such as DingTalk and WeChat are being targeted by an Apple macOS version of a backdoor called HZ RAT. The artifacts “almost exactly repeat the functionality of the Windows version of the backdoor and differ only in the payload, which is obtained in the form of shell scripts from the attackers’ server,” said Kaspersky researcher Sergey Puzan. HZ RAT was documented for the first time by the German cybersecurity company DCSO in November 2022, with the malware distributed via self-extracting zip archives or malicious…
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently discovered high-severity security flaw affecting Versa Director. Four U.S. victims and one foreign victim in the Internet Service Provider (ISP), Managed Service Provider (MSP), and Information Technology (IT) sectors were affected by attacks as recently as June 12, 2024, the Black Lotus Labs team at Lumen Technologies said in a technical report shared with The Hacker News. The campaign is believed to be ongoing against Versa Director systems without a patch. The security issue in question is CVE-2024-39717…
Want to know what’s new and best in SecOps for 2024? The recently published Gartner Hype Cycle for Security Operations report takes important steps to organize and evolve the field of Continuous Threat Exposure Management, also known as CTEM. This year’s report includes three categories in this area: exposure management, exposure assessment platforms (EAPs) and adversarial exposure validation (AEV). These category definitions are intended to provide some structure to the changing landscape of exposure management technologies. Pentera, listed as a sample provider in the newly defined AEV category, is playing a key role in expanding the adoption of CTEM with…
August 27, 2024 | Ravi Lakshmanan | Browser Vulnerability / Security
Google discovered that a security flaw fixed as part of a security update rolled out last week to its Chrome browser was actively exploited in the wild. Tracked as CVE-2024-7965, the vulnerability was described as an inconsistent implementation bug in the V8 JavaScript engine and WebAssembly. “A flawed implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit a heap corruption via a crafted HTML page,” according to a description of the bug in the NIST National Vulnerability Database (NVD). The security researcher, who goes by the online pseudonym…
August 27, 2024 | Ravi Lakshmanan | AI Security / Vulnerability
Details have emerged about a patched vulnerability in Microsoft 365 Copilot that could allow the theft of sensitive user information using a technique called ASCII smuggling. “ASCII smuggling is a new technique that uses special Unicode characters that represent ASCII but are not actually visible in the user interface,” security researcher Johann Rehberger said. “This means that an attacker can get the (large language model) user rendering of invisible data and embed it in clickable hyperlinks. This technique basically prepares data for hijacking!” The entire attack combines a number of attack techniques to…
August 26, 2024 | Ravi Lakshmanan | GDPR / Data Protection
The Dutch data protection authority (DPA) has fined Uber a record 290 million euros ($324 million) for allegedly failing to comply with European Union (EU) data protection standards when sending sensitive driver data to the US. “The Dutch DPA found that Uber transferred the personal data of European taxi drivers to the United States (US) and failed to adequately protect the data in relation to these transfers,” the agency said in a statement. The data protection watchdog said the move was a “serious” breach of the General Data Protection Regulation (GDPR). In…
SonicWall Releases Critical Patch for Firewall Vulnerability That Could Allow Unauthorized Access
August 26, 2024 | Ravi Lakshmanan | Vulnerability / Enterprise Security
SonicWall has released security updates to address a critical flaw affecting firewalls that, if successfully exploited, could allow attackers to gain unauthorized access to devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), was described as an incorrect access control error. “An improper access control vulnerability has been identified in SonicWall SonicOS management access, which could potentially lead to unauthorized access to resources and, under certain conditions, lead to a firewall failure,” the company said in an advisory issued last week. “This issue affects SonicWall Firewall Gen 5 and Gen…