Author: Admin

August 16, 2024Ravi LakshmananMobile Security / Software Security A large percentage of proprietary Google Pixel devices shipped worldwide since September 2017 included broken software that could be used to orchestrate malicious attacks and spread various types of malware. The problem appears as a pre-installed Android app called “Showcase.apk” that has excessive system privileges, including the ability to remotely execute code and install arbitrary packages on the device, according to mobile security company iVerify. “The application downloads a configuration file over an unsecured connection and can be manipulated to execute system-level code,” it said. said in an analysis published jointly with…


August 15, 2024Ravi LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its web help software that could be used to execute arbitrary code on sensitive instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), was described as a deserialization bug. “SolarWinds Web Help Desk has been found to be vulnerable to a remote Java deserialization code execution vulnerability that, if exploited, would allow an attacker to execute commands on a host machine,” the company said in a statement. said in the consulting room. “Although this was reported as an unauthenticated vulnerability, SolarWinds was…


August 15, 2024Ravi LakshmananRansomware / Cybercrime A cybercriminal group linked to RansomHub ransomware has been spotted using a new tool designed to shut down endpoint detection and response (EDR) software on compromised hosts, joining other similar programs such as AuKill (aka AvNeutralizer) and Terminator. The EDR kill utility was named EDRKillShifter by cybersecurity firm Sophos, which discovered the tool in connection with a botched ransomware attack in May 2024. “The EDRKillShifter tool is a ‘bootloader’ executable – a delivery mechanism for a legitimate exploitable driver (also known as a ‘bring your own vulnerable driver’ or BEUDtool),” security researcher Andreas Klopsch…


August 15, 2024Ravi LakshmananCyber ​​Attack / Social Engineering Russian and Belarusian non-profit organizations, Russian independent media and international NGOs operating in Eastern Europe have been targeted by two separate phishing campaigns organized by threat actors whose interests align with those of the Russian government. While one of the companies – named Fish River – was credited COLDRIVERby a controversial group linked to Russia’s Federal Security Service (FSB), a second series of attacks was recognized as the work of a previously undocumented threat cluster codenamed COLDWASTREL. According to a joint investigation by Access Now and Citizen Lab, the campaigns also targeted…


August 15, 2024Hacker newsIdentity Security / Threat Detection The emergence of threat detection identification and response Identity Threat Detection and Response (ITDR) has become a critical component to effectively detect and respond to identity-based attacks. Threat actors have demonstrated their ability to compromise identity infrastructure and move into IaaS, Saas, PaaS and CI/CD environments. Threat identification and response solutions help organizations better detect suspicious or malicious activity in their environment. ITDR solutions empower security teams to help teams answer the question “What is happening in my environment right now – what are my individuals doing in my environment.” Human and…


August 15, 2024Ravi LakshmananCyber ​​espionage / data theft A previously unknown threat actor was attributed to a series of attacks on Azerbaijan and Israel to steal sensitive data. The attack campaign, discovered by NSFOCUS on July 1, 2024, used phishing emails to target Azerbaijani and Israeli diplomats. Activity is tracked under a pseudonym Actor 240524. “Actor240524 has the ability to steal secrets and modify file data using various countermeasures to avoid over-disclosure of attack tactics and methods,” the cybersecurity company said. said in an analysis published last week. Attack chains begin by using phishing emails containing Microsoft Word documents that,…


August 15, 2024Ravi LakshmananCloud Security / DevOps Duplicated newly discovered attack vector in GitHub Actions artifacts ArtiPACKED can be used to capture storage and gain access to organizations’ cloud environments. “A combination of misconfigurations and security flaws can lead to token artifacts leaking from both third-party cloud services and GitHub tokens, making them available for use by anyone with read access to the repository,” Yaran Avital, Division 42 Researcher at Palo Alto Networks . said in a report released this week. “This allows attackers with access to these artifacts to potentially compromise the services these secrets provide access to.” The…


August 15, 2024Ravi LakshmananNetwork Security / Cybercrime Cyber ​​security researchers have discovered a new variant Gaffit botnet targeting machines with weak SSH passwords for ultimate cryptocurrency mining on compromised instances using GPU processing power. This suggests that “the IoT botnet is targeting more reliable servers running in native cloud environments,” said Aqua Security researcher Assaf Morag said in the analysis on Wednesday. Gafgit (aka BASHLIT, Lizkebab, and Torlus), known as active in the wild since 2014, has a history exploiting weak or standard credentials to gain control over devices such as routers, cameras, and digital video recorders (DVRs). It is…


August 14, 2024Ravi LakshmananMalware / Network Security An an ongoing campaign of social engineering with alleged ties to the Black Basta ransomware group, has been linked to “several attempted intrusions” to steal credentials and deploy malware called SystemBC. “The initial bait used by threat actors remains the same: an email bomb followed by an attempt to call affected users and offer a fake solution,” Rapid7. saidadding that “external calls were typically made to affected users through Microsoft Teams.” The attack chain then convinces the user to download and install a legitimate remote access software called AnyDesk, which acts as a…


August 14, 2024Hacker newsPassword Security / Cyber ​​Security Simply relying on traditional password security measures is no longer enough. When it comes to protecting your organization from credential-based attacks, it’s critical to lock down the basics first. Keeping your Active Directory secure is like making sure your front door is locked before investing in a high-end alarm system. Once the basics are covered, look at how to integrate external attack surface management (EASM) can significantly increase the security of your password, offering robust protection against potential cyber threats and hacks. First, secure your Active Directory IT administrators must not only…
