News, Announcements, Tech Discussions
November 20, 2024 By Sergiu Gatlan

MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. Software weaknesses refer to flaws, bugs, vulnerabilities, and errors found in software's code, architecture, implementation, or design. Attackers can exploit them to breach systems where the vulnerable software is running, enabling them to gain control over affected devices and access sensitive data or trigger denial-of-service attacks.

"Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working," MITRE said today. "Uncovering the root causes of these vulnerabilities serves as a powerful guide for investments, policies, and practices to prevent these vulnerabilities from occurring in the first place — benefiting both industry and government stakeholders." To
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges al
Attackers most frequently targeted education, energy and transportation organisations

November 20, 2024 By Cybersecurity Dive

Password-spray attacks yielded prolific results for attackers across multiple sectors in North America and Europe during Q2 and Q3, the Trellix Advanced Research Center said in a report. The attack surface for password-spray attacks is vast, Trellix found. Attackers commonly target cloud-based systems, including Microsoft 365, Okta, Google Workspace, VPNs, Windows Remote Desktop, AWS, Google Cloud Platform and Microsoft Azure. Attackers most frequently targeted password-spray attacks at education, energy and transportation organisations during the six-month period, the report found.
November 20, 2024 By Bill Toulas

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8. Needrestart is a utility commonly used on Linux, including on Ubuntu Server, to identify services that require a restart after package updates, ensuring that those services run the most up-to-date versions of shared libraries.

Summary of LPE flaws

The five flaws Qualys discovered allow attackers with local access to a vulnerable Linux system to escalate their privilege to root without user interaction. Complete information about the flaws was made available in a separate text file, but a summary can be found below:

CVE-2024-48990: N
November 19, 2024 By Brian Krebs

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company employs more than 7,000 people and serves approximately 8,100 financial institutions around the world. A major part of Finastra’s day-to-day business involves processing huge volumes of digital files containing instructions for wire and bank transfers on behalf of its clients.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra’s internally hosted file transfe
November 20, 2024 By Pieter Arntz

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves. A co-worker who received such an email pointed it out to our team. Looking around, I found the first report about such an email in a tweet dating back to February 5, 2024. With some more information about what I was looking for, I managed to find several more. There is a great deal of variation between the emails, but we do have enough samples to show you a pattern which looks like this:

Subject: Sad announcement: <First name><Last name>

Sometimes the colon is replaced by the word “from”. Then a short sentence to pique the reader’s curiosity, which often references photos. Here are some examples:
November 20, 2024 By Pierluigi Paganini

Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to rip sports streams and illegally redistribute them. Researchers from security firm Aqua observed threat actors exploiting misconfigured JupyterLab and Jupyter Notebook servers to hijack environments, deploy streaming tools, and duplicate live sports broadcasts on illegal platforms.

“threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming capture tools and duplicate the broadcast on their illegal server, thus conducting stream ripping” reads the report published by Aqua.

JupyterLab and Jupyter Notebook are widely used interactive tools for data science. While essential for data operations, improper security configurations can expose organizations to risks, making secure deployment critical.
November 20, 2024 By Bill Toulas

Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide. The tactic builds upon the methods previously deployed by mobile malware like NGate, documented by ESET in August, which involved relaying Near Field Communication (NFC) signals from payment cards. Ghost Tap is more obfuscated and more challenging to detect, does not require the card or the victim's device, doesn't need continual victim interchange, and involves money mules in multiple remote locations interacting with Point of Sale (PoS) terminals.

Mobile security firm Threat Fabric discovered Ghost Tap, which warns about the increasing adoption and potential of the new tactic, telling BleepingComputer it has recently seen a spike in using this tactic in the wild.
Mac keyboard shortcuts are a great way to speed yourself up when you’re using your computer. Mastering them means more time spent getting things done and less time spent moving your hands back and forth between keyboard and trackpad. There are the basic Mac keyboard shortcuts like Command-C and Command-V for copy and paste; Command-B, Command-I and Command-U for bold, italics and underline; Command-Z and Shift-Command-Z for undo and redo. But for a lot of people, that’s where their knowledge ends. You can do so much more than you may know. Here’s a guide to the best Mac keyboard shortcuts.
November 19, 2024 By Ionut Ilascu

The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks. Following an investigation of more than one year, researchers identified the complete architecture and traffic of the Ngioweb botnet proxy server, which was first observed in 2017.

Ngioweb supplying 80% of NSOCKS proxies

Since late 2022, the proxy service at nsocks[.]net has been providing residential gateways for malicious activity under the NSOCKS name. Multiple cybersecurity companies have reported that many of the proxies offered by NSOCKS were from the Ngioweb botnet but not all its command-and-control (C2) nodes were discovered.

[Figure: Ngioweb post-compromise activity (source: Lumen)]
Apple rushes out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild.

November 19, 2024 By Ryan Naraine

Apple has rushed out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. The vulnerabilities, credited to Google’s TAG (Threat Analysis Group), are being actively exploited on Intel-based macOS systems, Apple confirmed in an advisory released on Tuesday. As is customary, Apple’s security response team did not provide any details on the reported attacks or indicators of compromise (IOCs) to help defenders hunt for signs of infections.

Raw details on the patched vulnerabilities:

CVE-2024-44308 — JavaScriptCore — Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CV
November 19, 2024 By Bill Toulas

The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. French cybersecurity firm Sekoia is reporting this with medium confidence based on recent observations of Helldown attacks. Although not among the major players in the ransomware space, Helldown has quickly grown since its launch over the summer, listing numerous victims on its data extortion portal.

[Figure: Victim announcements (source: Sekoia)]
The tech giant is upping the bounties attached to several popular systems.

November 19, 2024 By Greg Otto

Microsoft has announced the launch of Zero Day Quest, a significant expansion of its bug bounty programs, focused on uncovering high-impact security vulnerabilities in cloud and AI technologies. Under the program, Microsoft will double the bounty rewards for eligible AI vulnerabilities from Nov. 19, 2024, to Jan. 19, 2025, and give researchers direct access to the company’s dedicated AI engineers and the AI Red Team, which specializes in probing AI systems for potential security flaws. The initiative is part of Microsoft’s broader Secure Future Initiative, launched to pre-emptively address security vulnerabilities across its extensive suite of products and services. Microsoft will also be adding bonus bounty multipliers for valid, important or critical severity issues across Microsoft’s AI, Azure, Microsoft Identity, M365, Dynamics 365, and Power Platform for the length of the chall
Palo Alto Networks has released patches and CVEs for the firewall zero-days exploited in what the company calls Operation Lunar Peek.

November 19, 2024 By Eduard Kovacs

Palo Alto Networks on Monday released patches and assigned CVE identifiers for the firewall zero-days that have been exploited in what the company is tracking as Operation Lunar Peek. The security firm reported learning about a potential zero-day in early November — possibly after seeing a sales offer on a cybercrime forum — and confirmed in-the-wild exploitation of a new vulnerability on November 15. On Monday, the cybersecurity giant informed customers that two PAN-OS vulnerabilities have been exploited in these attacks, which targeted “a limited number of management web interfaces that are exposed to internet traffic coming from outside the network”.

One of the zero-days is CVE-2024-0012, a critical authentication bypass flaw that allows an
November 19, 2024 By Bill Toulas

Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. The leak was announced on Sunday by threat actor 'EnergyWeaponUser,' also implicating the hacker 'IntelBroker,' who supposedly took part in the November 2024 breach. The threat actors leaked on BreachForums 44,000 Ford customer records containing customer information, including full names, physical locations, purchase details, dealer information, and record timestamps. The exposed records aren't extremely sensitive, but they still contain personally identifiable information that could empower phishing and social engineering attacks targeting the exposed individuals.