Month: November 2024

0 Comments
An unauthenticated remote command execution (RCE) vulnerability against Palo Alto Networks’ internet-exposed firewall management interfaces is actively being exploited, according to the cybersecurity provider. On November 8, Palo Alto published a security advisory to warn of a zero-day vulnerability affecting some of its PAN-OS firewall management interfaces. The flaw is an unauthenticated RCE vulnerability affecting
0 Comments
Nov 15, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. “By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to
0 Comments
China-affiliated hackers have compromised US officials’ data through a large-scale hack on telecommunications providers, according to the US government. The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory on November 13 in which they shared more details on what they called “a broad and significant cyber espionage campaign.” They
0 Comments
Nov 14, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. “Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users,” Laurie Richardson, VP and
0 Comments
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker’s inner workings, allowing the researchers to discover a “specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted disks.” ShrinkLocker
0 Comments
Most enterprise security leaders are now turning to personal indemnity insurance to mitigate mounting breach risks and boardroom pressure, according to Panaseer. The continuous controls monitoring specialist interviewed 400 CISOs and similar in US and UK organizations in order to compile its Panaseer 2025 Security Leaders Report. It revealed that 61% of organizations suffered a
0 Comments
Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and
0 Comments
Italy has led a simulation exercise to test EU institutions’ preparedness to handle large-scale cyber-attacks. This annual drill, the Blueprint Operational Level Exercise (Blue OLEx), involves senior cybersecurity officials from EU member states and the Commission, with the support of EU The exercise helps cybersecurity leaders identify areas for improvement in the standardized way of
0 Comments
Nov 11, 2024Ravie LakshmananCybersecurity / Hacking News ⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers
0 Comments
A notorious North Korean affiliated threat actor is targeting crypto firms using multi-stage malware and a novel persistence mechanism, SentinelLabs has reported. The campaign, dubbed ‘Hidden Risk’, is assessed with high confidence to be perpetrated by the BlueNoroff advanced persistent threat (APT) group, known for financially-motivated attacks. It is designed to target macOS devices. The
0 Comments
Nov 09, 2024Ravie LakshmananCryptocurrency / Cybercrime The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier
0 Comments
Russian-associated cyber-attacks on South Korea have ramped up following the deployment of North Korean troops in Ukraine, South Korea’s President’s Office has warned. The activity by pro-Kremlin groups has primarily been distributed denial-of-service (DDoS) attacks against government websites and private companies, which the Seoul government is actively responding to. The President’s Office said that access
0 Comments
On October 28th, 2024, the Dutch National police, alongside the FBI, Eurojust, and several other law enforcement organizations, performed a takedown of the infamous RedLine Stealer malware-as-a-service (MaaS) operation, and its clone called META Stealer. This global effort, named Operation Magnus, resulted in the takedown of three servers in the Netherlands, the seizure of two
0 Comments
Nov 09, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management
0 Comments
A ransomware attack has significantly disrupted the operations of a key supplier to the US oil industry. In a regulatory filing sent to the US Securities and Exchange Commission (SEC) on November 7, Texan company Newpark Resources said an unauthorized third party gained access to some of its internal information systems on October 29, an
0 Comments
ESET Research, Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024 Jean-Ian Boutin 07 Nov 2024  •  , 3 min. read ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented
0 Comments
Nov 08, 2024Ravie LakshmananCyber Espionage / Threat Intelligence High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer
0 Comments
The UK’s data protection regulator has warned AI recruitment tool providers to better protect job seekers’ data rights, mitigating discrimination and other privacy concerns. AI is increasingly being used by recruitment companies to make their processes more efficient, such as helping to source potential candidates, summarize CVs and score applicants. However, an audit by the
0 Comments
A threat actor with ties to the Democratic People’s Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as
0 Comments
A new malicious software framework, “Winos4.0,” has been discovered embedded in game-related applications targeting Windows users. According to researchers at FortiGuard Labs, this malware framework is a sophisticated variant derived fromGh0strat. Winos4.0 can execute multiple actions remotely and provides attackers with extensive control over affected systems. The malware operates by distributing game-related applications, such as
0 Comments
Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission
0 Comments
US officials have urged voters to seek out information about the Presidential election from trusted, official sources amid ramped up foreign influence efforts. The joint advisory from the FBI, the Office of the Director of National Intelligence (ODNI)and the Cybersecurity and Infrastructure Security Agency (CISA), warned that foreign adversaries, particularly Russia, will intensify online content
0 Comments
Nov 05, 2024Ravie LakshmananMobile Security / Cyber Attack Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. “ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device
0 Comments
US government agencies have accused Russian actors of being behind a faked video purporting to show Haitian’s illegally voting in multiple counties in the state of Georgia. The joint statement from the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said
0 Comments
Nov 04, 2024Mohit KumarDDoS Attack / Cybercrime German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. “The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical
0 Comments
The US and Israel have warned that the Iranian state-sponsored threat actor Cotton Sandstorm is deploying new tradecraft to target networks, including leveraging generative AI tools. The joint advisory highlighted how the group, also known as Marnanbridge and Haywire Kitten, has recently shifted from ‘hack and leak’ operations against organizations primarily in Israel to a
0 Comments
U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel’s participation in the sporting event. The activity has been pinned on an entity that’s known as Emennet Pasargad, which the agencies
0 Comments
Cybersecurity firm Sophos has detailed evolving tactics by Chinese advanced persistent threat (APT) groups following five years of collecting telemetry on campaigns targeting its customers. Working with other cybersecurity vendors, governments and law enforcement agencies, the researchers were able to attribute specific clusters of observed activity from December 2018 to November 2023 to the groups