Author: Admin
November 14, 2024 | Ravi Lakshmanan | Malware / Vulnerability
A recently patched security flaw affecting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russian-linked actor in cyberattacks against Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), is an NTLM hash disclosure spoofing vulnerability that can be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this week. “Minimal user interaction with a malicious file, such as selecting (single-click), inspecting (right-clicking), or performing actions other than opening or executing, could trigger this vulnerability,” Microsoft said in its advisory. Israeli cybersecurity firm ClearSky, which…

November 13, 2024 | Ravi Lakshmanan | Threat Intelligence / Cyber Espionage
A threat actor linked to Hamas has expanded its malicious cyber operations beyond espionage to launch disruptive attacks exclusively targeting Israeli organizations. The activity is associated with the group named WIRTE, which also targets the Palestinian Authority, Jordan, Iraq, Saudi Arabia and Egypt, according to Check Point’s analysis. “The (Israel-Hamas) conflict has not disrupted WIRTE’s operations, and they continue to use recent developments in the region in their espionage operations,” the company said. “In addition to espionage, the threat actor has recently engaged in at least two waves of…
Romanian cybersecurity firm Bitdefender has released a free decryptor to help victims recover data encrypted by the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker’s inner workings, which allowed researchers to discover “a specific window of opportunity to recover data immediately after the protectors are removed from BitLocker-encrypted drives.” ShrinkLocker was first documented in May 2024, when Kaspersky discovered that the malware was using Microsoft’s proprietary BitLocker utility to encrypt files as part of ransomware attacks targeting Mexico, Indonesia and Jordan. Bitdefender, which investigated a ShrinkLocker incident targeting an unnamed healthcare company in the Middle East, said…

November 13, 2024 | The Hacker News | Browser Security / SaaS Security
The rise of SaaS and cloud-based work environments has significantly changed the cyber risk landscape. With more than 90% of organizational network traffic passing through browsers and web applications, companies are facing serious new cybersecurity threats, including phishing attacks, data leaks, and malicious extensions. As a result, the browser itself becomes an attack surface that needs to be protected. LayerX has released a comprehensive guide titled “Start your browser’s security program.” This detailed guide serves as a road map for CISOs and security teams looking to secure their organization’s browser operations, including…
Vulnerabilities in the OvrC platform expose IoT devices to remote attacks and code execution
November 13, 2024 | Ravi Lakshmanan | Cloud Security / Vulnerability
A security analysis of the cloud platform OvrC found 10 vulnerabilities that could be chained to allow attackers to remotely execute code on connected devices. “Attackers who successfully exploit these vulnerabilities could access, control, and disrupt OvrC-enabled devices, some of which include smart power supplies, cameras, routers, home automation systems, and more,” Uri Katz, a researcher at Claroty, said in a technical report. Snap One’s OvrC, pronounced “oversee,” is touted as a “revolutionary support platform” that allows homeowners and businesses to remotely manage, configure, and troubleshoot IoT devices on their network. According to…

November 13, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
An Iranian threat actor known as TA455 has been spotted taking a leaf out of a North Korean hacking group’s playbook to set up its own version of the “Dream Job” campaign targeting the aerospace industry, offering fake jobs since at least September 2023. “The campaign distributed the SnailResin malware, which activates the SlugResin backdoor,” Israeli cybersecurity firm ClearSky said in an analysis published Tuesday. TA455, also tracked by Google-owned Mandiant as UNC1549 and Yellow Dev 13, is assessed to be a subcluster within APT35, which is also known as CALANQUE, Charming Kitten, CharmingCypress, ITG18, Mint Sandstorm (formerly…

November 13, 2024 | Ravi Lakshmanan | Vulnerability / Patch Tuesday
Microsoft revealed on Tuesday that two security flaws affecting Windows NT LAN Manager (NTLM) and Task Scheduler are being actively exploited in the wild. They are among the 90 security flaws the tech giant addressed as part of its November 2024 Patch Tuesday update. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate. Fifty-two of the patched vulnerabilities are remote code execution flaws. The fixes are in addition to 31 vulnerabilities Microsoft addressed in its Chromium-based Edge browser since the release of the October 2024 Patch Tuesday…

November 12, 2024 | Ravi Lakshmanan | Email Security / Threat Intelligence
Cybersecurity researchers are calling attention to a sophisticated new tool called GoIssue that can be used to send large-scale phishing emails targeting GitHub users. The program, first marketed by a threat actor named Cyberdluffy (aka Cyber D’ Luffy) on the Runion Forum earlier this August, is touted as a tool that allows criminals to extract email addresses from public GitHub profiles and send mass emails directly to users’ mailboxes. “Whether you’re looking to reach a specific audience or expand your reach, GoIssue offers the precision and power you need,” the threat actor claimed…
New vulnerabilities in Citrix Virtual Apps allow unauthenticated RCE via MSMQ misconfiguration

November 12, 2024 | Ravi Lakshmanan | Virtualization / Vulnerability
Cybersecurity researchers have discovered new security flaws affecting Citrix Virtual Apps and Desktops that could be exploited for unauthenticated remote code execution (RCE). The issue, according to findings from watchTowr, is rooted in the Session Recording component, which allows system administrators to capture user activity and record keyboard and mouse input along with a desktop video stream for auditing, compliance, and troubleshooting. Specifically, the vulnerability exploits “a combination of a carelessly exposed MSMQ instance with misconfigured permissions that uses BinaryFormatter and can be reached from any host via HTTP to perform unauthenticated RCE,” said…

November 12, 2024 | Ravi Lakshmanan | Malware / Application Security
Threat actors associated with the Democratic People’s Republic of Korea (DPRK, aka North Korea) have been found embedding malware into Flutter apps, marking the first time an adversary has adopted this tactic to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the apps built with Flutter are part of a broader operation that includes malware written in Golang and Python. It is currently unknown how these samples are being distributed to victims, whether they have been used…