Author: Admin
October 24, 2024Ravi LakshmananRansomware / Cybercrime Cybersecurity researchers have discovered an advanced version of the Qilin ransomware that features increased sophistication and evasive tactics. The new variant is tracked by cyber security company Halcyon under the alias Qilin.B. “Notably, Qilin.B now supports AES-256-CTR encryption for AESNI-capable systems, while retaining Chacha20 for systems without such support,” Halcyon Research Team said in a report shared with The Hacker News. “Additionally, RSA-4096 with OAEP padding is used to protect the encryption keys, making it impossible to decrypt the files without the attacker’s private key or derived seed values.” Tilin, also known as Agendafirst…
Cybersecurity researchers have discovered a security flaw affecting the Amazon Web Services (AWS) Cloud Development Kit (CDK) that could lead to account hijacking under certain circumstances. “The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, leading to full account takeover,” Aqua said in the report shared with The Hacker News. After responsible disclosure on June 27, 2024, the issue was reviewed by project support specialists at CDK version 2.149.0 released in July. AWS CDK is an open source software development framework for defining cloud application resources using Python,…
October 24, 2024Ravi LakshmananVulnerability / Network Security Cisco said on Wednesday that it has released updates to address a widely used security flaw in the Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. Vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA software and Cisco Firepower Threat Defense (FTD). A security issue caused by resource exhaustion can be exploited by unauthenticated remote attackers to cause a DoS of the RAVPN service. “An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an…
Sometimes it turns out that the answers we’ve been looking for so hard have been sitting in front of us for so long that we somehow didn’t notice them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity alert and prescribes specific actions, it would be a good idea to at least read the joint advisory. In their AA24-242A advisory, DHS/CISA and the FBI told the cybercriminal-stopping world that to stop ransomware attacks, organizations need to implement phishing-resistant MFA and move away from SMS-based MFA OTP. Best…
A North Korean threat actor known as the Lazarus Group has been credited with exploiting a zero-day patched security flaw in Google Chrome to seize control of infected devices. Cyber security provider Kaspersky said that in May 2024, it discovered a new chain of attacks that targeted the personal computer of an unnamed Russian citizen using Manuscript backdoor This entails running a zero-day exploit simply by visiting a fake gaming website (“detankzone(.)com”) that was targeted at people in the cryptocurrency sector. The campaign is estimated to launch in February 2024. “On the surface, this website resembled a professionally designed product…
October 24, 2024Ravi LakshmananVulnerability / Network Security Fortinet has confirmed details of a critical security flaw affecting FortiManager that is actively exploited in the wild. Tracked as CVE-2024-47575 (CVSS Score: 9.8), the vulnerability is also known as FortiJump and is rooted in FortiGate for FortiManager (FGFM) protocol. “Lack of Authentication for Critical Feature Vulnerability (CWE-306) in the FortiManager fgfmd daemon could allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests,” the company said in a statement. said in consultation on Wednesday. The vulnerability affects FortiManager versions 7.x, 6.x, FortiManager Cloud 7.x, and 6.x. This…
New versions of the banking malware called Grandoreira have been found to be using new tactics in an attempt to circumvent anti-fraud measures, indicating that the malware continues to be actively developed despite efforts by law enforcement to shut down the operation. “Only part of this gang has been arrested: the remaining operators behind Grandoreiro continue to attack users around the world, developing new malware and building new infrastructure,” Kaspersky said. said in an analysis published on Tuesday. Some of the other newly incorporated techniques include the use of Domain Generation Algorithm (DGA) for command-control (C2) communication, ciphertext theft (CTS)…
October 23, 2024Ravi LakshmananVulnerability / Threat Intelligence A fatal error has been detected in Microsoft SharePoint added to known exploits (KEV) catalog of the US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active use. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability that affects SharePoint and could lead to remote code execution. “An authenticated attacker with permission from the site owner could use the vulnerability to inject arbitrary code and execute that code in the context of SharePoint Server,” Microsoft said. said in the notice of deficiency. There were…
October 23, 2024Hacker newsIdentity Security / Data Protection Identity security is front and center in all of the recent breaches, including Microsoft, Okta, Cloudflare, and Snowflake, to name a few. Organizations are beginning to realize that changes are needed in how we approach identity security from both a strategic and technological perspective. Identity security is about more than just providing access The traditional view that identity security is primarily concerned with granting and denying access for applications and services, often piecemeal, is no longer sufficient. This view was reflected as a broad theme in Permiso Security Identity Status Report (2024)which…
Criminals have been seen abusing the Amazon S3 (Simple Storage Service) transfer acceleration feature in ransomware attacks designed to steal victims’ data and upload it to S3 buckets under their control. “Attempts were made to disguise the Golang ransomware as the infamous LockBit ransomware,” Trend Micro researchers Yaromir Khareisi and Nitesh Surana said. “However, this is not the case, and it appears that the attacker is only using LockBit’s popularity to further tighten the noose on their victims.” Ransomware artifacts have been found to embed hard-coded Amazon Web Services (AWS) credentials to facilitate cloud data extraction, suggesting that adversaries are…