Month: September 2024

0 Comments
Business Security Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help Tony Anscombe 18 Sep 2024  •  , 4 min. read ‘Seek legal advice’, this has to be my top recommendation if you have suffered a cyber-incident that could be deemed
0 Comments
Sep 19, 2024Ravie LakshmananEnterprise Security / DevOps GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user
0 Comments
AT&T has agreed to pay $13m to the US telco regulator to settle a long-running investigation into whether it failed to protect customer data stored in the cloud. The Federal Communications Commission (FCC) explained that the incident stemmed from a supply chain breach in January 2023 when threat actors exfiltrated AT&T customer data from a
0 Comments
Ransomware attacks are surging in the UK, with threat actors possibly encouraged by the propensity of victim organizations to pay up, according to a new study from Cohesity. The security vendor polled over 3100 IT and security decision-makers in eight countries and multiple sectors to compile its Global cyber resilience report 2024. It revealed that,
0 Comments
Sep 17, 2024Ravie LakshmananCryptocurrency / Malware Cryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim’s clipboard activity and
0 Comments
Socia media giant Meta is resuming its controversial plans to use Facebook and Instagram user posts to train generative AI (GenAI). The practice is effectively banned in the EU at present after the Irish Data Protection Commission (DPC) requested the firm pause its project, in a move Meta branded as “a step backwards for European
0 Comments
Sep 16, 2024Ravie LakshmananSpyware / Threat Intelligence Apple has filed a motion to “voluntarily” dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical “threat intelligence” information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts,
0 Comments
A case involving a medical record hack affecting hundreds of patients and employees at a Pennsylvania healthcare company has been settled for a record-breaking $65m. Filed in March 2023, the case involved nearly 135,000 patients and employees of Lehigh Valley Health Network (LVHN), an independent healthcare network based in Pennsylvania. The plaintiffs, represented by class-action
0 Comments
Sep 13, 2024Ravie LakshmananVirtual Reality / Vulnerability Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. “A novel attack that can
0 Comments
Read more about disinformation campaigns targeting the US Presidential Elections Malicious actors are spreading false claims that US voter registration databases have been breached, according to a new alert issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The agencies said the claims are designed to manipulate public opinion and undermine confidence
0 Comments
Video, Ransomware ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends 13 Sep 2024 This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group. Among other notable things, CosmicBeetle was found to abuse the infamy of
0 Comments
Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. “An OS command injection vulnerability in
0 Comments
Ireland’s data protection authorities have launched a probe into Google’s AI model, and whether it complies with GDPR. The Irish Data Protection Commission (DPC), An Coimisiún um Chosaint Sonraí, is the EU’s lead privacy regulator for Google. The DPC has opened a cross-border statutory inquiry into Google Ireland, under Section 110 of the Data Protection
0 Comments
Sep 13, 2024Ravie LakshmananEnterprise Security / Vulnerability Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. “When Hadooken is executed, it drops a Tsunami malware
0 Comments
Nearly all (95%) version upgrades of open source software contain at least one breaking change that causes other components to fail, with patches having a 75% chance of causing a break, according to Endor Labs. The security vendor revealed the findings in its third annual Dependency Management Report, which is based on Endor Labs vulnerability
0 Comments
ESET researchers have mapped the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs. CosmicBeetle actively deploys ScRansom to SMBs in various parts of the world. While not being top notch, the threat actor is able to compromise interesting targets. CosmicBeetle replaced its previously
0 Comments
Sep 12, 2024Ravie LakshmananWeb Security / Content Management WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024. “Accounts with commit access can push updates and changes to
0 Comments
Microsoft heaped more work onto sysadmins this week after fixing four zero-day vulnerabilities being actively exploited in the wild. First on the list is CVE-2024-43491 – a CVSS 9.8 remote code execution (RCE) bug in Microsoft Windows Update which requires no privileges or user interaction, and of low attack complexity. “This vulnerability emerged due to a
0 Comments
Sep 11, 2024Ravie LakshmananWindows Security / Vulnerability Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important,
0 Comments
SonicWall customers have been urged to patch a critical vulnerability in their firewalls after security researchers warned it is being actively exploited in ransomware attacks. The CVSS 9.3-rated vulnerability (CVE-2024-40766) was originally published on August 22 by the security vendor, before an update on September 6 claimed it was being actively exploited. “An improper access
0 Comments
Sep 09, 2024Ravie LakshmananVulnerability / Hardware Security A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab
0 Comments
Sep 09, 2024Ravie LakshmananCyber Attack / Threat Intelligence A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is espionage-driven given the
0 Comments
Sep 07, 2024Ravie LakshmananCybercrime / Dark Web Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged
0 Comments
Read more about the international crackdown on spyware US Moves to Ban “Anti-Democratic” Spyware US Cracks Down on Spyware with Visa Restrictions Governments and Tech Giants Unite Against Commercial Spyware Global scrutiny on hack-for-hire services and spyware tools has heightened over the past few months, with many countries strengthening their legal response to human rights