Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug

The "hotpatch" released by Amazon Web Services AWS in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch...

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1...

Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse

Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...

SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws

Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. The flaws impact SMA 200, 21...

CronRAT: A New Linux Malware That's Scheduled to Run on February 31st

Researchers have unearthed a new remote access trojan RAT for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-sid...

Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice

The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the...

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed fr...

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan RAT capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky,...

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

In July 2018, when Guizhou-Cloud Big Data GCBD agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a...

A Rust-based Buer Malware Variant Has Been Spotted in the Wild

Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called "Buer" written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "RustyBuer," the malware is propagated via email...

Researchers uncover a new Iranian malware used in recent cyberattacks

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous...

Case Study: How Incident Response Companies Choose IR Tools

Many companies today have developed a Cybersecurity Incident Response IR plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the organization will develop a plan while...

How to Create a Culture of Kick-Ass DevSecOps Engineers

Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more functionality… and we want it faster than ever before, more qualitative, and on top of that: Secure. With an...

Cynet Offers IR Specialists Grants up to $1500 for each IR Engagement

In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no charge for IR incident response service providers and consultants. Today Cynet takes another step and announces a $500 grant for Incident...

You Can Now Run Android on an iPhone With 'Project Sandcastle'

Not happy with your expensive iPhone and wondered if it's possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? Android phones can be rooted, and iPhones can be jailbroken to unlock new features, but so far, it's been close to...

Download Guide — Advanced Threat Protection Beyond the AV

At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to gain extra protection through implementing either EDR\EPP solutio...

Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

Let's Encrypt, a free, automated, and open certificate signing authority CA from the nonprofit Internet Security Research Group ISRG, has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million...

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...

A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments

Phishing is still one of the widely used strategies by cybercriminals and espionage groups to gain an initial foothold on the targeted systems. Though hacking someone with phishing attacks was easy a decade ago, the evolution of threat detection technologies and cyber awareness among people has...

IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador's History

Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more th...

Google, Mozilla, Apple Block Kazakhstan's Root CA Certificate to Prevent Spying

In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software. Starting today, Chrome, Safari and Firefox users in...

Julian Assange will no longer be the editor-in-chief of WikiLeaks

Julian Assange, the founder of popular whistleblower website WikiLeaks, is stepping down from the position of editor-in-chief of the organisation under "extraordinary circumstances." Assange, the 47-year-old Australian hacker, founded WikiLeaks in 2006 and has since made many high-profile leaks,...

TSMC Chip Maker Blames WannaCry Malware for Production Halt

Taiwan Semiconductor Manufacturing Company TSMC—the world's largest makers of semiconductors and processors—was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus. Now, it turns out that the computer virus outbreak at Taiwan chipmake...

Malicious Software Packages Found On Arch Linux User Repository

Yet another incident that shows why you should never blindly trust packages from user-controlled software repositories. Arch Linux , one of the most popular independently developed Linux distributions, has removed three packages from its community-driven Arch User Repository AUR after they were...

Android Gets New Anti-Spoofing Feature to Make Biometric Authentication Secure

Google just announced its plan to introduce a new anti-spoofing feature for its Android operating system that makes its biometric authentication mechanisms more secure than ever. Biometric authentications, like the fingerprint, IRIS, or face recognition technologies, smoothen the process of...

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento...

Android P to Block Apps From Monitoring Device Network Activity

Do you know that any app you have installed on your Android phone can monitor the network activities—even without asking for any sensitive permission—to detect when other apps on your phone are connecting to the Internet? Obviously, they cant see the content of the network traffic, but can easily...

QR Code Bug in Apple iOS 11 Could Lead You to Malicious Sites

A new vulnerability has been disclosed in iOS Camera App that could be exploited to redirect users to a malicious website without their knowledge. The vulnerability affects Apple's latest iOS 11 mobile operating system for iPhone, iPad, and iPod touch devices and resides in the built-in QR code...

Warning : Java 6 vulnerable to zero-day exploit; added to Neutrino exploit kit

Hackers are using a new exploit for a bug in the out-of-date but popular Java 6 platform to attack victims, and has been added to a commercially available Neutrino exploit kit. The use of Java 6 still is prevalent, opening up a significant number of users to the threat. F-secure analyst Timo...

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection...

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET, which first discovered the hacking group's intrusions targeting the...

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology IT supply chain as a means to obtain initial access to corporate networks. That's according to new findings...

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated...

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service DDoS botnets. The vulnerability in question is CVE-2024-4577 CVSS score: 9.8, which allows an attacker to...

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors. The vulnerabilities, according to...

How to Use Tines's SOC Automation Capability Matrix

Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix SOC ACM is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A...

Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service DoS. The list of flaws is as follows - CVE-2024-21894 CVSS score: 8.2 - A heap overflow vulnerability in the IPSec...

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Huggin...

New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The malware is "notable for its ability to automatically filter out Facebook session cookies and credentials stolen from compromised devices, and assess wheth...

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and...

Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garud...

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 CVSS score: 9.9, the issue stems...

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer aka LummaC2, Vidar, RecordBreaker aka Raccoon Stealer V2, and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware ...

Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors

Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian...

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this...

Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that's used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 CVSS score: 9.8, are stack-based buffer overflows in Ivanti Avalanche...

Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw

No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that has come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000...

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. The joint advisory comes from Germany's domestic intelligence apparatus, the Federal Office for the Protection of...

New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different...