Author: Admin
September 6, 2024 | Ravi Lakshmanan | Network security / threat detection
SonicWall has discovered that a recently patched critical security flaw affecting SonicOS could be actively exploited, so users should apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, has a CVSS score of 9.3 out of a maximum of 10. “Improper access control vulnerability has been identified in SonicWall SonicOS and SSLVPN management access, which could potentially lead to unauthorized access to resources and cause firewall failure under certain conditions,” SonicWall said in the updated guidance. With the latest development, the company revealed that CVE-2024-40766 also affects the SSLVPN feature…
September 6, 2024 | Ravi Lakshmanan | Software Security / Hacking
Threat actors have long used typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks usually involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting cross-platform open source repositories rely on developers making typos to launch attacks on software supply chains via PyPI, npm, Maven Central, NuGet, RubyGems, and Crate. Recent findings from cloud security company Orca show that even the GitHub Actions continuous integration and continuous delivery (CI/CD) platform is not immune to…
September 6, 2024 | Ravi Lakshmanan | Cryptocurrency Attack / APT
The newly disclosed security flaw in OSGeo’s GeoServer GeoTools has been exploited by numerous campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a notorious backdoor called SideWalk. The security vulnerability is a critical remote code execution flaw (CVE-2024-36401, CVSS score: 9.8) that could allow attackers to take control of susceptible instances. In mid-July, the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The Shadowserver Foundation stated that since July 9, 2024, it has…
The 2024 State of vCISO Report continues Cynomi’s tradition of exploring the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to an independent survey, demand for these services is growing, with both providers and customers reaping the benefits. The upward trend will continue, and even faster growth is expected in the future. However, service providers looking to enter the vCISO market must address challenges such as technology limitations and a lack of security and compliance expertise. For more information on the state of vCISOs, read Cynomi’s detailed report. Virtual CISO Health Review Report Global Surveyz, an independent…
September 6, 2024 | Ravi Lakshmanan | WordPress Security / Webinar
Cybersecurity researchers have discovered another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, identified as CVE-2024-44000 (CVSS score: 7.5), affects versions up to and including 6.4.1. It was resolved in version 6.5.0.1. “The plug-in suffers from an unauthenticated account hijacking vulnerability that allows any unauthenticated visitor to gain authentication access to any logged-in user, and in the worst case, gain access to the administrator role, allowing malicious plug-ins to be downloaded and installed,” said Rafi, a Patchstack researcher.…
September 6, 2024 | Ravi Lakshmanan | Privacy / Data Security
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, saying the allegations are false. “If a country is dissatisfied with an Internet service, the accepted practice is to sue the service itself,” Durov said in a 600-word statement on his Telegram account. “Using pre-smartphone-era laws to charge a CEO with crimes committed by third parties on a platform he controls is the wrong approach.” He was charged late last month for facilitating various forms of criminal activity on Telegram, including drug trafficking and…
The Apache OFBiz update fixes a high-severity vulnerability that could lead to remote code execution
September 6, 2024 | Ravi Lakshmanan | Cyber Security / Vulnerability
A new security flaw has been addressed in the Apache OFBiz open source enterprise resource planning (ERP) system, which, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all software versions until 12/18/16. “An attacker without valid credentials exploits missing browser authorization checks in a web application to execute arbitrary code on the server,” Rapid7 security researcher Ryan Emmons said in a new report. It should be noted that CVE-2024-45195 is a bypass for a sequence of…
September 5, 2024 | Ravi Lakshmanan | Threat Prevention / Software Security
Veeam has shipped security updates to address a total of 18 security flaws affecting its software products, including five critical vulnerabilities that could lead to remote code execution. The list of flaws is given below: CVE-2024-40711 (CVSS score: 9.8): vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1): vulnerability in Veeam ONE that could allow an attacker with agent service account credentials to perform remote code execution on the host machine. CVE-2024-42019 (CVSS score: 9.0): vulnerability in Veeam ONE that allows…
A Chinese-speaking hacker group targets human rights studies in the Middle East
September 5, 2024 | Ravi Lakshmanan | Malware / Human rights
Unnamed government entities in the Middle East and Malaysia have been targeted by an ongoing cyber campaign since June 2023 by an attacker known as Tropic Trooper. “The detection of this group (tactics, methods and procedures) in critical government structures in the Middle East, especially those involved in the study of human rights, represents a new strategic move for them,” Kaspersky security researcher Sherif Magdi said. The Russian cybersecurity vendor said it detected activity in June 2024 after discovering a new version of the China Chopper web shell, a tool used by…
The US Department of Justice announced on Wednesday the seizure of 32 Internet domains used in a pro-Russian propaganda operation called Double as part of a broad set of activities. Accusing a Russian government-run foreign influence criminal enterprise of violating US money laundering and criminal trademark laws, the agency accused the companies Social Design Agency (SDA), Structura National Technology (Structura) and ANO Dialog of working at the behest of the Russian Presidential Administration. The goal, it said, consists of “the covert dissemination of Russian government propaganda to reduce international support for Ukraine, strengthen pro-Russian policies and interests, and influence voters…