October 2024
October 31, 2024 – Vulnerabilities
‘CrossBarking’ Attack Exposes Opera Browser Users via Private APIs
Abstract
Guardio researchers demonstrated how hackers could exploit private APIs in the Opera browser, gaining the ability to manipulate settings, hijack accounts, disable security extensions, add malicious extensions, and more. Source: Dark Reading
October 31, 2024 – Vulnerabilities
Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
Abstract
Around three dozen security vulnerabilities have been uncovered in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which pose risks of remote code execution and data theft. Source: The Hacker News
October 31, 2024 – Phishing
Chenlun’s Evolving Phishing Tactics Target Trusted Brands
Abstract
The newest wave of phishing, observed on October 18, 2024, involves messages alarming users about suspicious account activity and directing them to verify accounts through malicious links. Source: Infosecurity Magazine
October 31, 2024 – Vulnerabilities
ChatGPT can be Manipulated Using Hexadecimal Encoding
Abstract
This technique leverages the model's ability to process multiple input formats and its focus on step-by-step instructions. By encoding malicious instructions in hexadecimal format, the model is tricked into decoding and executing them. Source: Dark Reading
October 31, 2024 – Attack
Massive PSAUX Ransomware Attack Targets 22,000 CyberPanel Instances
Abstract
LeakIX reported over 21,000 vulnerable CyberPanel instances exposed online, mainly in the U.S. Overnight, cybercriminals likely exploited these servers, installing the PSAUX ransomware and drastically reducing the number of exposed instances. Source: Bleeping Computer
October 30, 2024 – Business
Zenity Raises $38 Million Series B to Protect AI Copilots From Cyber Threats
Abstract
Zenity, an Israeli startup specializing in securing AI copilots, raised $38 million in a Series B funding round led by Third Point Ventures and DTCP, with support from Microsoft’s M12 fund, Intel Capital, UpWest, and Vertex Ventures. Source: Calcalist
October 30, 2024 – Business
Proofpoint Expands Data Security With Normalyze Acquisition
Abstract
Email security vendor Proofpoint has acquired Normalyze, a data security posture management startup, to address the growing security challenges tied to human error within complex data ecosystems. Source: BankInfoSecurity
October 30, 2024 – Vulnerabilities
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Abstract
Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. Source: Trend Micro
October 30, 2024 – Criminals
Redline, Meta Infostealer Malware Operations Seized by Police
Abstract
The Dutch National Police, in collaboration with the FBI and other international agencies, have successfully gained full access to the servers used by the Redline and Meta infostealers. Source: Bleeping Computer
October 30, 2024 – Vulnerabilities
New Windows Themes Zero-Day Gets Free, Unofficial Patches
Abstract
ACROS Security researchers found the new zero-day flaw while developing a micropatch for a security issue, which could leak user credentials, bypassing another Windows Themes spoofing vulnerability patched by Microsoft in January. Source: Bleeping Computer
October 29, 2024 – Phishing
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
Abstract
Netskope Threat Labs reported a ten-fold increase in traffic to phishing pages created with Webflow between April and September 2024, affecting over 120 organizations worldwide. Source: The Hacker News
October 29, 2024 – Vulnerabilities
PoC Exploit Released for 9.9-Rated Critical Grafana Vulnerability
Abstract
This vulnerability affects Grafana versions 11.0.x, 11.1.x, and 11.2.x, with a CVSS score of 9.9, allowing attackers with 'viewer' permissions to exploit the SQL expressions feature. Source: Security Online
October 29, 2024 – Government
U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing
Abstract
The U.S. government follows Traffic Light Protocol (TLP) markings voluntarily on cybersecurity information to build trust in data handling for collaboration with partners. Source: The Hacker News
October 29, 2024 – Vulnerabilities
Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published
Abstract
This vulnerability, identified as CVE-2024-46483, allows unauthenticated attackers to execute remote code or trigger denial of service due to a pre-authentication heap overflow issue. Source: Security Online
October 29, 2024 – APT
Evasive Panda Using New CloudScout Toolset to Steal Data From Google Drive, Gmail, and Outlook
Abstract
A toolset called CloudScout developed by the APT group Evasive Panda is targeting Taiwanese institutions to extract cloud-based data. The attacks, discovered by ESET, exploit session cookies stolen by MgBot plugins to access cloud services. Source: WeLiveSecurity
October 29, 2024 – Vulnerabilities
CLFS Flaw in Windows 11 Allows for Privilege Escalation, PoC Published
Abstract
The issue is in the CClfsBaseFilePersisted::WriteMetadataBlock function, related to an unverified return value in ClfsDecodeBlock, leading to potential data corruption in CLFS and a way to escalate privileges. Source: Security Online
October 29, 2024 – Attack
Russia Targets Ukrainian Military via Spoofed Recruitment App
Abstract
Researchers from Google's Threat Intelligence Group (TAG) and Mandiant have identified a campaign named UNC5812 that uses a fake version of the "Civil Defense" tool to drop malware and spread misinformation. Source: Dark Reading
October 29, 2024 – Vulnerabilities
Synology Fixes Critical Vulnerabilities in Synology Photos and BeePhotos After Pwn2Own Exposure
Abstract
Synology has released security updates to patch critical vulnerabilities in Synology Photos and BeePhotos, its photo management applications for network-attached storage (NAS) and personal cloud storage devices. Source: Security Online
October 29, 2024 – Vulnerabilities
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
Abstract
New research has revealed that both AMD and Intel processors are still vulnerable to speculative execution attacks, such as the Spectre security flaw discovered over six years ago. Source: The Hacker News
October 29, 2024 – Policy and Law
Four REvil Members Sentenced to More Than Four Years in Prison
Abstract
Artem Zayets and Alexey Malozemov received four-and-a-half and five years, respectively, while Daniil Puzyrevsky and Ruslan Khansvyarov got five-and-a-half and six years in prison each. Source: The Record
October 28, 2024 – APT
Russia’s APT29 Mimics AWS to Steal Windows Credentials
Abstract
A recent campaign by APT29 involved sending emails from fake Amazon Web Services (AWS) domains to trick recipients into opening malicious attachments containing configuration files for Remote Desktop. Source: Dark Reading
October 28, 2024 – Vulnerabilities
Critical RCE Flaw in VMware vCenter Revealed
Abstract
This vulnerability, classified as CWE-122 (Heap-based Buffer Overflow), allows attackers to exploit memory handling in the DCERPC protocol and potentially execute remote code. Source: Security Online
October 28, 2024 – Vulnerabilities
New Windows Driver Signature Bypass Allows Kernel Rootkit Installs
Abstract
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems by taking control of the Windows Update process. Source: Bleeping Computer
October 28, 2024 – Attack
HeptaX Cyberespionage Campaign Snoops Through Unauthorized RDP Connections
Abstract
The attackers heavily rely on PowerShell and BAT scripts to download additional payloads and create an administrative user account on compromised systems, lowering authentication barriers for unauthorized remote access. Source: The Cyber Express
October 28, 2024 – Vulnerabilities
Critical RKE2 Flaw Exposes Windows Nodes to Privilege Escalation
Abstract
A critical security flaw, CVE-2023-32197, has been discovered in RKE2, affecting Windows nodes and allowing unauthorized access to sensitive files. This vulnerability, rated 9.1 on the CVSS scale, poses a privilege escalation risk. Source: Security Online
October 28, 2024 – Cryptocurrency
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
Abstract
The TeamTNT cryptojacking group is preparing for a new large-scale campaign targeting cloud-native environments to mine cryptocurrencies and rent out breached servers to third parties. Source: Aqua
October 28, 2024 – Phishing
Ukraine Warns of Mass Phishing Campaign Targeting Citizens' Data
Abstract
The attackers, identified as UAC-0218, send phishing links disguised as bills or payment details, which actually contain malware designed to steal data from victims' devices. Source: Infosecurity Magazine
October 28, 2024 – Vulnerabilities
WhatsUp Gold Users Beware: Critical Authentication Bypass Flaw Exposed
Abstract
Progress Software has disclosed a severe vulnerability in WhatsUp Gold, a network monitoring solution, exposing organizations to cyberattacks by allowing unauthorized access to user credentials. Source: Security Online
October 28, 2024 – Ransomware
Black Basta Ransomware Poses as IT Support on Microsoft Teams to Breach Networks
Abstract
In a recent campaign observed by Rapid7 and ReliaQuest, Black Basta flooded employees' inboxes with emails and then contacted them through Microsoft Teams, posing as corporate help desks offering to assist with the spam issues. Source: Bleeping Computer
October 28, 2024 – Vulnerabilities
Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite
Abstract
A security flaw in the Wi-Fi Test Suite could allow unauthenticated local attackers to run arbitrary code with elevated privileges. The vulnerability, known as CVE-2024-41992, affects Arcadyan FMIMG51AX000J routers. Source: The Hacker News
October 23, 2024 – Malware
Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA
Abstract
The malware's execution relies on legitimate tools like PowerShell and mshta.exe. Once the fake CAPTCHA is clicked, a Base64-encoded PowerShell script is copied to the clipboard, triggering the download of a stager file. Source: Qualys
October 23, 2024 – Vulnerabilities
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
Abstract
VMware has released software updates to address a security flaw in the vCenter Server, known as CVE-2024-38812, with a CVSS score of 9.8. The vulnerability involves a heap overflow issue in the DCE/RPC protocol implementation. Source: The Hacker News
October 23, 2024 – Vulnerabilities
Fortinet Releases Patches for Undisclosed Critical FortiManager Vulnerability
Abstract
Fortinet has issued critical security updates for FortiManager to address a vulnerability exploited by Chinese threat actors. The company privately informed select customers of the issue and provided temporary mitigation advice. Source: Help Net Security
October 23, 2024 – Government
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
Abstract
The vulnerability, known as CVE-2024-9537, allows remote code execution due to a bug in a third-party component. Versions 12.1.3, 12.2.3, and 12.3 have been patched, along with versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. Source: The Hacker News
October 23, 2024 – Malware
Early Cascade Injection Technique Enables Windows Process Creation and Stealthy Injection
Abstract
Researcher Guido Miggelenbrink from Outflank has introduced a new process injection method called Early Cascade Injection. This technique adds sophistication to evading Endpoint Detection and Response (EDR) systems, challenging even top-tier EDRs. Source: Outflank
October 23, 2024 – Attack
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
Abstract
The attack sequence starts with probing the Docker Remote API server by pinging it, then creating a container with specific settings, and executing payloads using the Docker Exec API. Source: Trend Micro
October 23, 2024 – Malware
VOIDMAW: A New Bypass Technique for Memory Scanners
Abstract
VOIDMAW is an innovative memory scanning bypass technique utilized by attackers to evade antivirus software. It can run non-.NET executables and supports multithreaded payloads, making it a potent tool for attackers. Source: Security Online
October 23, 2024 – Malware
Fake WordPress Plugins on 6,000 Sites Prompt Users to Install Malware
Abstract
The malware campaign is based on ClickFix fake browser update malware and has infected over 6,000 sites since June 2024, totaling over 25,000 sites since August 2023. The hackers are using stolen credentials to install the bogus plugins. Source: The Cyber Express
October 23, 2024 – Malware
Researchers Report Possible Bumblebee Loader Resurgence
Abstract
The Bumblebee loader resurfaced following the disruption of Operation Endgame in May 2024. Netskope Threat Labs identified a new infection chain employing Bumblebee malware, marking its return since the operation that targeted major malware botnets. Source: Infosecurity Magazine
October 22, 2024 – Attack
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
Abstract
APT41, a Chinese nation-state actor, conducted a cyberattack targeting the gambling and gaming industry. Over six months, they gathered valuable information from a company, including network configurations and user passwords. Source: The Hacker News
October 22, 2024 – Malware
GHOSTPULSE Employs New Pixel-Level Deception to Hide in PNG Files
Abstract
Elastic Security Labs has discovered a significant development in the GHOSTPULSE malware family, which now hides its payload within the pixel structure of PNG files to evade detection. Source: Elastic
October 22, 2024 – Ransomware
Beast Ransomware: RaaS Platform Targets Windows, Linux, and VMware ESXi
Abstract
Cybereason recently analyzed the Beast Ransomware, a Ransomware-as-a-Service platform actively targeting organizations since 2022, evolving with new features for Windows, Linux, and VMware ESXi servers. Source: Security Online
October 22, 2024 – Phishing
Bored BeaverTail Yacht Club – A Lazarus Lure
Abstract
eSentire’s Threat Response Unit (TRU) has uncovered a phishing campaign targeting software developers using a fake NFT project called “Bored BeaverTail Yacht Club” to distribute malware known as BeaverTail. Source: eSentire
October 22, 2024 – Vulnerabilities
Oracle WebLogic Flaw That Could Give Attackers Full Control
Abstract
These vulnerabilities, affecting versions 12.2.1.4.0 and 14.1.1.0.0, have high CVSS scores, with CVE-2024-21216 being particularly critical, allowing for a remote system takeover. Source: Security Online
October 22, 2024 – Vulnerabilities
Critical Flaw in SICK Products Exposes Systems to Remote Attacks
Abstract
A critical vulnerability in various SICK products, identified as CVE-2024-10025, poses a significant cybersecurity risk to industries using the company's automation and sensor technologies. Source: Security Online
October 22, 2024 – APT
New China-Nexus APT Group IcePeony Targeting Asian Nations
Abstract
IcePeony employs sophisticated attack methods such as SQL injection, webshells, and a unique malware known as "IceCache" to achieve its goals. The group's primary objective seems to be credential theft. Source: Security Online
October 22, 2024 – Vulnerabilities
Critical Flaw in Synology Camera Firmware Exposes Devices to RCE and DoS Attacks
Abstract
Synology has released a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in its camera firmware products such as Synology Camera BC500, TC500, and CC400W. Source: Security Online
October 22, 2024 – Vulnerabilities
Critical File Read Flaw Discovered in Vendure E-commerce Platform
Abstract
Vendure, a popular open-source headless commerce platform, recently patched a critical security vulnerability (CVE-2024-48914) that allows attackers to read arbitrary files from the server. Source: Security Online
October 22, 2024 – Vulnerabilities
Update: Microsoft Windows Flaw PoC Exploit Published, Posing SYSTEM Privilege Threat
Abstract
Security researcher Angelboy (@scwuaptx) from DEVCORE discovered a privilege escalation vulnerability in Microsoft's Kernel Streaming service, labeled as CVE-2024-30090 with a CVSS score of 7.0. Source: Security Online
October 17, 2024 – General
Hybrid Work Exposes New Vulnerabilities in Print Security
Abstract
Hybrid work models have led to new vulnerabilities in corporate print infrastructure, including insecure and unmanaged printers, inadequate user authentication, exposed local spools, and inconsistent patching practices. Source: Dark Reading
October 17, 2024 – Criminals
Brazil’s Polícia Federal Arrested the Notorious Hacker USDoD
Abstract
Brazil's Polícia Federal has arrested hacker USDoD, known for breaches of National Public Data and InfraGard portals. CrowdStrike identified USDoD as Luan BG, a 33-year-old Brazilian man from Minas Gerais. Source: Security Affairs
October 17, 2024 – Criminals
Sri Lankan Police Arrest Over 200 Chinese Scammers
Abstract
Sri Lankan authorities have arrested over 200 Chinese nationals for overstaying their visitor visas and participating in financial scams targeting victims in Asia. Raids led to the arrest of cybercriminals conducting pig-butchering scams. Source: Healthcare Infosecurity
October 17, 2024 – Policy and Law
Russia’s Case Against REvil Hackers Proceeds as Government Recommends 6.5-Year Sentences
Abstract
The Russian military prosecutor's office is seeking prison terms of up to 6.5 years for four individuals associated with the REvil hacking group, known for ransomware attacks. The group was disbanded in 2021, leading to the arrest of 14 suspects. Source: The Record
October 17, 2024 – Policy and Law
US Charges Two Sudanese Nationals With Running ‘Anonymous Sudan’ Hacking Group
Abstract
Two brothers, Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer, were charged with running the hacking group Anonymous Sudan, responsible for launching 35,000 DDoS attacks worldwide, targeting governments, hospitals, and critical infrastructure. Source: NextGov
October 17, 2024 – Attack
Hackers Target Ukraine’s Potential Conscripts With MeduzaStealer Malware
Abstract
Hackers are targeting potential conscripts in Ukraine with the MeduzaStealer malware, distributed through a Telegram account disguised as a technical support bot for the Reserve+ government app. Source: The Record
October 17, 2024 – General
Nearly 400 US Healthcare Institutions Hit with Ransomware Over Last Year, Microsoft Says
Abstract
Microsoft's annual Digital Defense Report revealed that 389 U.S. healthcare institutions fell victim to ransomware attacks in the last fiscal year, leading to network closures, system shutdowns, and disrupted medical operations. Source: The Record
October 17, 2024 – Vulnerabilities
Critical Authentication Bypass Vulnerability Patched in Apache Solr
Abstract
CVE-2024-45216 affects instances using PKIAuthenticationPlugin, potentially allowing authentication bypass. The second flaw, CVE-2024-45217, involves insecure initialization of ConfigSets during backup restore, enabling remote code execution. Source: Security Online
October 17, 2024 – Government
UK Government Launches AI Safety Scheme to Tackle Deepfakes
Abstract
The AI Safety Institute’s Systemic Safety Grants Programme will provide researchers with up to £200,000 to investigate AI threats and potential solutions, particularly in sectors like healthcare and financial services. Source: Infosecurity Magazine
October 16, 2024 – Vulnerabilities
E2EE Cloud Storage Vulnerabilities Exposed in Multiple Providers
Abstract
A report from Jonas Hofmann and Kien Tuong Truong of ETH Zurich revealed vulnerabilities in major end-to-end encrypted (E2EE) cloud storage providers like Sync, pCloud, Icedrive, Seafile, and Tresorit. Source: Security Online
October 16, 2024 – Government
CISA Adds Three Vulnerabilities in Windows Kernel, Mozilla Firefox, and SolarWinds Web Help Desk to KEV Catalog
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding three critical security vulnerabilities affecting various software, including Microsoft Windows, Mozilla Firefox, and SolarWinds Web Help Desk. Source: CISA
October 16, 2024 – Vulnerabilities
Recently-Patched Firefox Bug Exploited Against Tor Browser Users
Abstract
The Tor anonymity network issued an emergency patch for a security flaw (CVE-2024-9680) that lets attackers run malicious code in the browser's content process. It was discovered by ESET and first fixed by Mozilla in Firefox. Source: The Record
October 16, 2024 – Vulnerabilities
Jetpack Fixes Critical Information Disclosure Flaw Existing Since 2016
Abstract
The issue has affected all Jetpack versions since 3.9.9. Automattic released patches for 101 impacted versions, urging website owners to ensure their plugins have been updated. No evidence of exploitation exists so far. Source: Bleeping Computer
October 16, 2024 – Vulnerabilities
Rittal IoT Interface and CMC III Processing Unit Plagued by Critical Security Flaws
Abstract
The flaws include improper signature verification for firmware upgrades (CVE-2024-47943), missing protection for alternate hardware interfaces (CVE-2024-47944), and predictable session ID generation (CVE-2024-47945). Source: Security Online
October 16, 2024 – Malware
Hijack Loader Found Abusing Genuine Code-Signing Certificates
Abstract
Cybersecurity researchers have unveiled a new malware campaign involving Hijack Loader artifacts signed with legitimate code-signing certificates. HarfangLab detected the attack chains aiming to deploy Lumma, an information stealer. Source: HarfangLab
October 16, 2024 – Vulnerabilities
CVE-2024-9486 (CVSS 9.8): Kubernetes Image Builder Flaw Exposes VMs to Root Access
Abstract
The Kubernetes Security Response Committee reported two vulnerabilities in the Kubernetes Image Builder (CVE-2024-9486 and CVE-2024-9594) that could lead to root access on VMs due to default credentials used during the image build process. Source: Security Online
October 16, 2024 – Malware
New Linux Variant of FASTCash Malware Helps Steal Money From ATMs
Abstract
The new Linux variant was submitted to VirusTotal in June 2023 and can evade standard security tools, enabling the hackers to conduct transactions without detection. Additionally, a new Windows version was submitted in September 2024. Source: Bleeping Computer
October 16, 2024 – Vulnerabilities
Linux Systems Vulnerable to New ‘noexec’ Bypass Technique: Arbitrary Code Execution Now Possible
Abstract
The technique involves using Perl, Bash, and PHP scripts to inject shellcode into running processes and load binaries from memory, even on partitions with 'noexec' enabled. Source: Security Online
October 16, 2024 – Malware
ErrorFather Campaign Deploys Cerberus Android Banking Trojan to Amplify Cyber Threats
Abstract
This malware communicates with a Telegram bot and conducts financial fraud through remote attacks, keylogging, and overlay attacks. Despite modifications, ErrorFather is still based on the original Cerberus code. Source: Cyble
October 15, 2024 – Phishing
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
Abstract
The malicious emails contain ZIP files with harmful attachments that use mshta.exe to execute obfuscated JavaScript commands and establish connections to a command and control (C&C) server. Source: Trend Micro
October 15, 2024 – Breach
Banking Trojan TrickMo Compromised 13,000 Devices, Now Steals Device Unlock Patterns and PINs
Abstract
Malware analyst Aazim Yaswant from Zimperium has unveiled new advanced features in the latest TrickMo samples, a banking trojan initially disclosed by Cleafy. The variant uses evasion techniques like obfuscation and zip file manipulation. Source: Security Online
October 15, 2024 – Phishing
Gmail Scam Alert: Hackers Spoof Google to Steal Credentials
Abstract
Security expert Sam Mitrovic recently warned about an advanced AI-driven phishing scheme aimed at Gmail users, including himself. The scheme began with a fake email from Google requesting an account recovery, followed by a fraudulent login page. Source: Security Online
October 15, 2024 – Vulnerabilities
Zero-day Flaws Exposed EV Chargers to Shutdowns and Data Theft
Abstract
The vulnerabilities, rated as high and medium severity, could allow unauthorized access, disruption of charger operations, and privilege escalation for limited users. Exploiting these vulnerabilities could lead to remote code execution. Source: HackRead
October 15, 2024 – General
Command-Jacking: The New Supply Chain Attack Technique
Abstract
Cybersecurity researchers have discovered that entry points in various programming ecosystems, such as PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates, can be exploited for software supply chain attacks. Source: Checkmarx
October 15, 2024 – Vulnerabilities
Researcher Reveals Critical Zendesk Email Spoofing Flaw
Abstract
Security researcher Daniel uncovered a critical email spoofing flaw in Zendesk's system. Despite Zendesk initially dismissing the report, the seriousness of the vulnerability was acknowledged later, prompting companies to take immediate action. Source: Security Online
October 15, 2024 – Vulnerabilities
Microsoft Issues Guidance to Combat Rising Kerberoasting Attacks
Abstract
Kerberoasting attacks exploit the Kerberos protocol to steal AD credentials, allowing attackers extensive access to sensitive resources. Attackers crack encrypted service tickets offline to obtain credentials and gain unauthorized access. Source: Security Online
October 15, 2024 – Attack
Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions
Abstract
The group uses sophisticated tactics like leveraging Microsoft Exchange servers for credential theft and exploiting vulnerabilities for privilege escalation. They blend malicious activity with normal network traffic to evade detection. Source: Trend Micro
October 15, 2024 – Vulnerabilities
Popular Java Security Framework ‘pac4j’ Vulnerable to RCE
Abstract
Researcher Michael Stepankin from GitHub Security Lab identified a critical flaw in pac4j versions prior to 4.0.0. The vulnerability arises from improper handling of user profile attributes, allowing attackers to inject malicious serialized objects. Source: Security Online
October 15, 2024 – Vulnerabilities
Plane Project Management Tool Patches Critical SSRF Flaw
Abstract
This vulnerability could result in unauthorized access, sensitive data leakage, system manipulation, and port scanning. Users are advised to update to version v0.23 to mitigate CVE-2024-47830, which affects all prior versions. Source: Security Online
October 14, 2024 – Business
Cyrisma Raises $7M in Funding
Abstract
The Series A funding round was led by Blueprint Equity, with participation from SaaS Venture and Golden Ventures. Blueprint Equity’s Sheldon Lewis will join Cyrisma’s Board of Directors. Source: Finsmes
October 14, 2024 – General
Report: 156% Increase in OSS Malicious Packages
Abstract
Open-source software (OSS) usage is on the rise, with a 156% increase in open-source malware, as reported by Sonatype. Over 704,102 malicious packages have been identified since 2019, with 512,847 discovered since November 2023. Source: Infosecurity Magazine
October 14, 2024 – Criminals
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
Abstract
The Dutch police have dismantled Bohemia and Cannabia, considered the world's largest dark web market for illegal goods, drugs, and cybercrime. This action resulted from a joint investigation involving Ireland, the UK, and the US. Source: The Hacker News
October 14, 2024 – Phishing
Two Updated Malware Strains Used in North Korean Fake Recruiter Scams
Abstract
Researchers from Palo Alto Networks Unit 42 discovered that these threat actors are posing as recruiters on platforms like LinkedIn to trick victims into downloading malware disguised as job-related tools. Source: The Record
October 14, 2024 – Malware
Technical Analysis of DarkVision RAT
Abstract
Zscaler ThreatLabz observed DarkVision RAT in a new campaign in July 2024. The attack chain involves shellcode decryption, a Donut loader, and a .NET assembly called PureCrypter. Source: Zscaler
October 14, 2024 – Government
Cyber Security Bill 2024: Australia’s Strategic Leap Toward a Resilient Digital Ecosystem
Abstract
Notable features of the law include mandatory cybersecurity standards for Internet of Things (IoT) devices and mandatory ransomware reporting for critical infrastructure entities. Source: The Cyber Express
October 14, 2024 – Vulnerabilities
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Abstract
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. Source: The Hacker News
October 14, 2024 – Government
EU Adopts Cyber Resilience Act for Connected Devices
Abstract
The European Union Council has approved the Cyber Resilience Act (CRA) to establish cybersecurity requirements for products with digital components. This regulation will cover a wide range of connected devices. Source: Infosecurity Magazine
October 14, 2024 – Ransomware
Lynx Ransomware: A Rebranding of INC Ransomware
Abstract
The malicious actors behind Lynx use tactics like double extortion, where they steal victims' data before encrypting it and threaten to leak or sell it if the ransom is not paid. Source: Palo Alto Networks
October 14, 2024 – Vulnerabilities
Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required
Abstract
Zyxel security appliances are being targeted by malicious actors, who exploit vulnerabilities in ATP and USG FLEX devices to steal credentials and gain unauthorized access via SSL VPN tunnels. Source: Security Online
October 12, 2024 – Vulnerabilities
Progress Patches Critical Security Flaw CVE-2024-8015 (CVSS 9.1) in Telerik Report Server
Abstract
Progress Software has issued a security advisory regarding four new vulnerabilities in the Telerik Report Server. These flaws, designated as CVE-2024-7292, CVE-2024-7293, CVE-2024-7294, and CVE-2024-8015, impact versions before 2024 Q3 (10.2.24.924). Source: Security Online
October 12, 2024 – Malware
Malware by the (Bit)Bucket: Uncovering AsyncRAT
Abstract
G DATA Security Lab discovered a malware campaign using Bitbucket to deploy AsyncRAT, a remote access trojan. The attackers employed multi-stage attacks to host and distribute malicious payloads, hiding their activities with Base64 encoding. Source: G DATA
October 12, 2024 – Ransomware
Fog and Akira Ransomware Exploit Critical Veeam RCE Flaw After PoC Release
Abstract
Sophos X-Ops MDR and Incident Response warned of rising ransomware attacks exploiting the Veeam Backup & Replication flaw CVE-2024-40711, which allows unauthorized account creation used to deploy ransomware such as Fog and Akira. Source: Security Online
October 12, 2024 – Phishing
Telekopye Transitions to Targeting Tourists via Hotel Booking Scam
Abstract
ESET researchers revealed that the Telekopye scam toolkit, previously known for targeting online marketplace users, has now turned its focus towards exploiting tourists via accommodation booking platforms like Booking.com and Airbnb. Source: WeLiveSecurity
October 12, 2024 – Government
CISA Warns of F5 BIG-IP Cookie Exploitation
Abstract
CISA has issued an urgent alert warning organizations about a vulnerability involving unencrypted persistent cookies in the F5 BIG-IP Local Traffic Manager (LTM) module, which could be exploited by cyber threat actors. Source: Security Online
October 11, 2024 – Government
CISA Warns of Critical Fortinet Flaw as Palo Alto Networks Issues Urgent Security Patches Full Text
Abstract
The CISA warned of a critical Fortinet flaw that allows remote code execution impacting FortiOS, FortiPAM, FortiProxy, and FortiWeb. Federal agencies must apply mitigations by October 30, 2024.The Hacker News
October 11, 2024 – Malware
Trojan.AutoIt.1443 Hits 28,000 Users via Game Cheats, Office Tool Full Text
Abstract
The malware executes tasks to establish network access with Ncat, manipulates the system registry using IFEO, and controls system functions. It conducts cryptomining using SilentCryptoMiner and steals funds by swapping crypto wallet addresses.HackRead
October 11, 2024 – Vulnerabilities
Critical Flaw Exposes Schneider Electric Industrial PCs to Attack Full Text
Abstract
The flaw, tracked as CVE-2024-8884, allows unauthorized actors to access sensitive information over an insecure HTTP connection, posing risks of DoS attacks, data leaks, and operational failures.Security Online
October 11, 2024 – Vulnerabilities
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries Full Text
Abstract
Researchers have discovered significant security vulnerabilities in industrial systems using the Manufacturing Message Specification (MMS) protocol that could have serious consequences if exploited.The Hacker News
October 11, 2024 – Phishing
Tax Extension Malware Campaign Exploits Trusted GitHub Repositories to Deliver Remcos RAT Full Text
Abstract
A recent phishing campaign exploited GitHub links, targeting victims with promises of tax extension assistance. The emails urged recipients to download a password-protected archive from trusted repositories associated with tax organizations.Security Online
October 10, 2024 – Phishing
Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files Full Text
Abstract
Phishing campaigns are using newly registered domains related to hurricane relief efforts to trick victims into revealing sensitive information. Some are posing as FEMA assistance providers on forums like BlackBones to steal personal data and funds.HackRead
October 10, 2024 – Vulnerabilities
Code Execution Flaw Discovered in Apache Subversion for Windows Full Text
Abstract
Apache Subversion for Windows has been found to have a code execution flaw (CVE-2024-45720) with a CVSS score of 8.2. This vulnerability can be exploited to inject command line arguments and execute unintended programs.Security Online
October 10, 2024 – General
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks Full Text
Abstract
This tactic, known as living-off-trusted-sites (LOTS), allows threat actors to blend in with normal network traffic, making it difficult to detect and attribute malicious activity.The Hacker News
October 10, 2024 – Vulnerabilities
Adobe Releases Security Updates to Patch Multiple Products Full Text
Abstract
Adobe has issued a security alert for critical vulnerabilities, urging users to update their software immediately to protect against potential cyber threats. The update enhances safety and protects against unauthorized access by cybercriminals.The Cyber Express
October 10, 2024 – Vulnerabilities
Researcher Details Privilege Escalation in Palo Alto Networks’ GlobalProtect MSI Installer Full Text
Abstract
Researcher Michael Baer from SEC Consult Vulnerability Lab has identified a critical local privilege escalation flaw (CVE-2024-9473) in Palo Alto Networks’ GlobalProtect MSI installer.Security Online
October 10, 2024 – Attack
Progress Telerik UI, Cisco ASA WebVPN, QNAP QTS, and Linux Systems Under Attack Full Text
Abstract
Vulnerabilities in Progress Telerik UI for WPF and D-Link routers have been exploited, along with the targeting of QNAP QTS firmware and Cisco ASA WebVPN. Additionally, critical flaws in PHP, GeoServer, and AVTECH IP cameras are under attack.The Cyber Express
October 10, 2024 – Vulnerabilities
GitLab Users Urged to Update Now to Fix Critical Flaw Full Text
Abstract
GitLab released critical security updates for versions 17.4.2, 17.3.5, and 17.2.9 of both Community and Enterprise Editions, fixing vulnerabilities, including a critical flaw (CVE-2024-9164) that lets attackers run pipelines on arbitrary branches.Security Online
October 10, 2024 – Malware
Lua Malware Targeting Student Gamers via Fake Game Cheats Full Text
Abstract
Morphisec Threat Labs has found advanced Lua malware targeting student gamers and educational institutions, taking advantage of Lua-based gaming engine supplements popular among students.HackRead
October 10, 2024 – Hacker
CyberVolk: From Hacktivism to Ransomware – Researcher Exposes New Threat Full Text
Abstract
Initially tied to pro-Russian hacktivist movements, CyberVolk has targeted Spain in response to geopolitical events. They have transitioned from DDoS attacks to ransomware, leading coordinated campaigns against Spanish institutions.Security Online
October 10, 2024 – Vulnerabilities
Microsoft Fixes Five Zero-Days in October Patch Tuesday Full Text
Abstract
Two bugs were actively exploited, including an RCE vulnerability in Microsoft Management Console (CVE-2024-43572, CVSS score: 7.8). Another exploited zero-day (CVE-2024-43573, CVSS score: 6.5) is a Windows MSHTML platform spoofing vulnerability.Infosecurity Magazine
October 8, 2024 – Vulnerabilities
Critical Apache Avro SDK RCE flaw impacts Java applications Full Text
Abstract
A critical security flaw in Apache Avro SDK for Java has been revealed, allowing remote code execution on vulnerable systems. The vulnerability, CVE-2024-47561, affects all versions prior to 1.11.4.Security Affairs
October 8, 2024 – Vulnerabilities
Critical Zero-Day Automotive Systems Vulnerabilities Exposed Full Text
Abstract
UncoveredRecent research by security expert Amit Geynis has shed light on the presence of critical vulnerabilities in modern vehicles, raising concerns about the safety of connected cars.Security Online
October 8, 2024 – Malware
LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits Full Text
Abstract
A recent report by security researchers at Aufa and NetbyteSEC reveals the resurgence of the LemonDuck malware, exploiting the EternalBlue vulnerability in Microsoft’s SMB protocol for cryptomining.Net Bytes
October 8, 2024 – Solution
Google Pixel 9 Supports New Security Features To Mitigate Baseband Attacks Full Text
Abstract
The Pixel 9 series now includes defenses like Bounds Sanitizer, Integer Overflow Sanitizer, Stack Canaries, Control Flow Integrity (CFI), and Auto-Initialize Stack Variables to enhance security.Security Affairs
October 8, 2024 – Vulnerabilities
Update: Exploit Released for TeamViewer Flaws Letting Unprivileged Users Load Arbitrary Kernel Drivers Full Text
Abstract
These flaws enable attackers to execute arbitrary code and escalate privileges on Windows systems by exploiting inadequate cryptographic signature verification during driver installation.Security Online
October 8, 2024 – Phishing
Mamba 2FA Phishing Kit Bypasses 2FA with AitM Tactics Full Text
Abstract
Mamba 2FA has gained popularity in the phishing-as-a-service market, allowing attackers to bypass non-phishing-resistant MFA methods like one-time codes and app notifications.Security Online
October 8, 2024 – Solution
MaLDAPtive: Open-Source Framework for LDAP SearchFilter Parsing, Obfuscation, and More Full Text
Abstract
MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. The project features a custom C# LDAP parser for tokenization and syntax tree parsing.Help Net Security
October 8, 2024 – Vulnerabilities
PoC Exploit Released for Linux Kernel Flaw Enabling Container Escape Full Text
Abstract
Researchers disclosed technical details and a proof-of-concept (PoC) exploit for a vulnerability in the Linux kernel, tracked as CVE-2023-52447. This use-after-free flaw affects Linux kernel versions from v5.8 to v6.6, with a CVSS score of 7.8.Security Online
October 8, 2024 – General
As Ransomware Attacks Surge, UK Privacy Regulator Investigating Fewer Incidents Than Ever Full Text
Abstract
With ransomware attacks on the rise, the UK's privacy regulator is investigating fewer incidents than before. Only 87 out of 1,253 incidents reported last year, and 19 out of 440 incidents reported in the first half this year, have been investigated.The Record
October 8, 2024 – Malware
Threat Actor Believed to be Spreading New Medusalocker Variant Since 2022 Full Text
Abstract
BabyLockerKZ has expanded its reach to different continents, shifting from Europe to South America in early 2023. It has distinct features compared to MedusaLocker, such as unique storage keys and differences between Windows and Linux versions.Talos Intelligence
October 7, 2024 – Vulnerabilities
MediaTek Patches Critical Vulnerabilities in Smartphone, Tablet, and IoT Chipsets Full Text
Abstract
The vulnerabilities, affecting various chipsets like MT6761, MT6765, and MT6873, could lead to remote code execution, privilege escalation, or denial-of-service conditions if exploited.Security Online
October 7, 2024 – Attack
China-linked CeranaKeeper Group Targets Southeast Asia with Data Exfiltration Attacks Full Text
Abstract
The custom toolset used by the Thailand-based CeranaKeeper group includes WavyExfiller, DropboxFlop, OneDoor, and BingoShell for various data exfiltration and remote control purposes.The Hacker News
October 7, 2024 – Vulnerabilities
Privilege Escalation and Remote Code Execution Threaten Cisco Routers; No Updates Available Full Text
Abstract
Privilege escalation and remote code execution vulnerabilities have been identified in Cisco's Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, posing serious security risks for business networks.Security Online
October 7, 2024 – Attack
Royal Mail-Themed Lures Deliver Open Source Prince Ransomware Full Text
Abstract
Hackers posed as the UK's Royal Mail to spread Prince ransomware in a destructive campaign that targeted organizations in the US and UK in mid-September. Unlike typical ransomware attacks, this campaign had no decryption methods.Proof Point
October 7, 2024 – Vulnerabilities
Redis Patches for Multiple Flaws, Including Potential RCE Full Text
Abstract
Three key vulnerabilities (CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228) have been identified, with the most critical being CVE-2024-31449, allowing remote attackers to execute code.Security Online
October 7, 2024 – Malware
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals Full Text
Abstract
This malware, which can steal credentials from online bank accounts, email accounts, and IT administrator accounts, is attributed to a threat actor group known as Golden Chickens.The Hacker News
October 7, 2024 – Vulnerabilities
Critical Flaw in OATH-Toolkit PAM Module Could Lead to Root Exploits Full Text
Abstract
Discovered by Matthias Gerstner of the SUSE Security Team, this vulnerability (CVE-2024-47191) allows unprivileged users to manipulate file operations conducted by the PAM stack, which operates with root privileges.Security Online
October 7, 2024 – Malware
Python-based Malware Slithers Into Systems via Legit VS Code Full Text
Abstract
Researchers from Cyble Research and Intelligence Lab (CRIL) uncovered the attack, which begins with a malicious email and utilizes Visual Studio Code to distribute Python-based malware, granting unauthorized remote access to infected devices.Dark Reading
October 7, 2024 – Vulnerabilities
Update: PoC Exploit Released Local Privilege Escalation Vulnerability in iTunes Full Text
Abstract
This flaw, now fixed by Apple as of September 12, 2024, enables an attacker to achieve SYSTEM-level access on Windows devices by exploiting the AppleMobileDeviceService[.]exe component that comes with iTunes.Security Online
October 7, 2024 – Hacker
FIN7 Hackers Launch Deepfake Nude Generator Sites to Spread Malware Full Text
Abstract
FIN7 gang is hiding malware in AI "Deepnude" sites to lure victims with promises of deepfake tool downloads. Security experts have identified the malicious sites hosted by the Russia-based FIN7 on various aiNude[.]ai domains.Bleeping Computer
October 5, 2024 – Malware
Fake Trading Apps Target Victims Globally via Apple App Store and Google Play Full Text
Abstract
These apps are part of a consumer investment fraud scheme known as pig butchering, where victims are tricked into investing in cryptocurrency or other financial instruments under false pretenses.The Hacker News
October 5, 2024 – Government
ACSC and CISA Launch Critical OT Cybersecurity Guidelines Full Text
Abstract
ACSC and CISA have jointly launched a new guide called Principles of Operational Technology Cybersecurity. This guide aims to assist organizations, especially those in critical infrastructure sectors, in securing their OT environments.Infosecurity Magazine
October 5, 2024 – Vulnerabilities
Update: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit Full Text
Abstract
Adobe Commerce and Magento stores are being targeted by CosmicSting exploit, with about 5% already compromised. The exploit, tracked as CVE-2024-34102, allows for remote code execution due to an XXE vulnerability.The Hacker News
October 4, 2024 – Vulnerabilities
Critical Zimbra RCE Vulnerability Under Mass Exploitation Full Text
Abstract
A critical Zimbra RCE vulnerability (CVE-2024-45519) is being exploited by attackers to run arbitrary commands on vulnerable systems. The attacks began after patches were released, with ProjectDiscovery detailing the vulnerability.Help Net Security
October 4, 2024 – Hacker
Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations Full Text
Abstract
Andariel, a North Korean state-sponsored threat actor, has shifted its focus to conducting financial attacks on U.S. organizations. While three organizations in the U.S. were recently targeted in August 2024, no ransomware was successfully deployed.The Hacker News
October 4, 2024 – Vulnerabilities
Chrome Releases Stable Channel Update Addressing High Security Vulnerabilities Full Text
Abstract
These flaws could allow attackers to execute arbitrary code, leak sensitive information, or manipulate web content. Users are advised to update their browsers to the latest version to ensure they are protected against these risks.Security Online
October 4, 2024 – Vulnerabilities
Cisco Nexus Dashboard Fabric Controller Exposed to RCE Full Text
Abstract
Cisco has issued a security advisory for a critical flaw in the Nexus Dashboard Fabric Controller (NDFC), allowing a remote attacker with network-admin privileges to execute arbitrary commands.Security Online
October 4, 2024 – Vulnerabilities
Unix Printing Vulnerabilities Enable Easy DDoS Attacks Full Text
Abstract
While the focus was on remote code execution, researchers found that the vulnerabilities can also be exploited for DDoS attacks. Attackers can manipulate a target system by sending crafted packets to vulnerable CUPS servers.Dark Reading
October 3, 2024 – Malware
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data Full Text
Abstract
The Python Package Index (PyPI) repository was found hosting fake cryptocurrency wallet recovery tools that steal user data, targeting popular wallets like Atomic and Trust Wallet.The Hacker News
October 3, 2024 – Vulnerabilities
LiteSpeed Cache Plugin Flaw Threatens Millions of WordPress Sites Full Text
Abstract
The LiteSpeed Cache plugin for WordPress has a serious security flaw (CVE-2024-47374) that allows unauthenticated users to inject malicious scripts leading to data theft or privilege escalation. This flaw was patched in version 6.5.1.Security Online