Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence AI framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an...

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denial-of-service DDoS attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those...

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. You know, the ones they use in spy movies? 🕵️‍♀️ We're talking password-stealing bots, sneaky extensions that spy on you,...

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

As the holiday season approaches, retail businesses are gearing up for their annual surge in online and in-store traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annu...

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing aka vishing techniques to trick users into parting with their personal information. "FakeCall is an extremely sophisticated Vishing attack that leverages...

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It's a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using...

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event. The activity has...

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE , is estimated to have collected over 10,000 private...

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose...

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials...

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release...

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the...

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirror...

LottieFiles Issues Warning About Compromised "lottie-player" npm Package

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On October 30th 6:20 PM UTC - LottieFiles were notified that our popular open source npm package for the web player...

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of h...

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 CVSS score: 8.1, has been addressed in version 6.5....

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces , which...

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking , could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and accou...

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute an information stealer known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs...

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed...

Embarking on a Compliance Journey? Here's How Intruder Can Help

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understa...

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence AI and machine learning ML models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI...

A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation

Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: "When you have eliminated the impossible, whatever remains, however improbable, must be the truth." Rather tha...

Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force...

U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

The U.S. government USG has issued new guidance governing the use of the Traffic Light Protocol TLP to handle threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information...

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh...

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud...

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head...

Russian Espionage Group Targets Ukrainian Military with Malware via Telegram

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group TAG and Mandiant are tracking the activity under the name UNC581...

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign tracked as Contagious Interview. The Datadog Security Research team is...

Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto...

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Operational Technology OT security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly...

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement DSE on fully patched Windows systems, leading to operating system OS downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize...

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...

Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported th...

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

The Computer Emergency Response Team of Ukraine CERT-UA has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust...

Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite

A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center CERT/CC said the susceptible code from the Wi-Fi Alliance has been found deployed on Arcadyan FMIMG51AX000J routers. The...

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

Apple has publicly made available its Private Cloud Compute PCC Virtual Research Environment VRE, allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced securit...

Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?

Artificial Intelligence AI has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-based attacks are not just theoretical threats—they're happening across industries and outpacing traditional defense mechanisms. The solution, however, is not...

SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures

The U.S. Securities and Exchange Commission SEC has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Check Point, Mimecast,...

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

The Irish data protection watchdog on Thursday fined LinkedIn €310 million $335 million for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral...

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption f...

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services AWS Cloud Development Kit CDK that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access...

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance ASA that could lead to a denial-of-service DoS condition. The vulnerability, tracked as CVE-2024-20481 CVSS score: 5.8, affects the Remote Access VPN RAVPN service of...

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency CISA, in coordination with the FBI, issues a...

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it made the discovery after it came across a novel attack chain in May 20...

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 CVSS score: 9.8, the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager FGFM protocol. "A missing...

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this ga...

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology...