0 Comments
Apr 25, 2023Ravie LakshmananNetwork Security / DDoS Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. “Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially
0 Comments
To ensure that digital systems and products have security built in by design, the US federal government and cybersecurity professionals have been calling for greater investment in skills and training in cybersecurity throughout the tech sector. Despite CISA Director Jen Easterly recently calling for universities to include security as a standard element in computer science
0 Comments
Apr 24, 2023Ravie LakshmananCyber Espionage The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. “Tomiris’s endgame consistently appears to be the regular theft of internal documents,” security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. “The
0 Comments
Apr 22, 2023Ravie LakshmananPatch Management / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows – CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability CVE-2023-27350 (CVSS score –
0 Comments
Apr 22, 2023Ravie LakshmananSupply Chain / Cyber Threat Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of
0 Comments
Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks Did you mistakenly sell access to your network when you sold a decommissioned router? Recently, ESET researchers purchased several used core routers to set up a test environment, only to find that, in many cases, the previously
0 Comments
An employee from the US Consumer Financial Protection Bureau (CFPB) has reportedly forwarded confidential records of roughly 256,000 consumers and confidential supervisory information of approximately 50 institutions to a personal email account. Congressman Bill Huizenga addressed the claims in a letter to CFPB director, Rohit Chopra, dated April 18. “At the time of your notification,
0 Comments
Apr 21, 2023Ravie LakshmananKubernetes / Cryptocurrency A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. “The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report
0 Comments
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques
0 Comments
Apr 20, 2023Ravie LakshmananCloud Security / Vulnerability A chain of two critical flaws has been disclosed in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. “The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers’ PostgreSQL
0 Comments
by Paul Ducklin LOOPING THE LOOP No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS
0 Comments
A threat actor associated with Iranian nation-state hackers has been weaponizing N-day vulnerabilities, as well as deploying new techniques to access environments of interest. The threat actor is a sub-group of Mint Sandstorm – a gang also known as Phosphorus and associated with APT35, APT42, Charming Kitten and TA453 – reported an advisory published by Microsoft on
0 Comments
Apr 19, 2023Ravie LakshmananCyber War / Cyber Attack Elite hackers associated with Russia’s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google’s Threat Analysis Group (TAG), which is monitoring the activities of the actor under
0 Comments
Security researchers have discovered a new malicious software library capable of collecting lists of installed applications, a history of Wi-Fi and Bluetooth device information as well as nearby GPS location data. Dubbed Goldoson by McAfee’s Mobile Research Team, the library can also load web pages without user awareness and perform advertisement fraud by clicking on
0 Comments
Apr 18, 2023Ravie LakshmananThreat Intelligence / Cyber Risk Cybersecurity researchers have detailed the inner workings of a highly evasive loader named “in2al5d p3in4er” (read: invalid printer) that’s used to deliver the Aurora information stealer malware. “The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique,”
0 Comments
Summary Amazon Web Service (AWS) Lambda is a serverless event-driven compute service. It is a function as a service (FaaS) that allows users to deploy application functionality without the complexity of maintaining the underlying infrastructure. Lambda executions can be triggered by events from other AWS services or software-as-a-service (SaaS) applications. Inside the Lambda execution environment
0 Comments
The state of Montana in the US has become the first to pass legislation banning TikTok on personal devices. The bill, SB 419, passed by a vote of 54 to 43, mentions several concerns about TikTok, such as alleged surveillance from the Chinese government as well as the encouragement of “dangerous activities” among youth using the app.
0 Comments
Apr 17, 2023Ravie LakshmananSurveillance / Privacy Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company “hasn’t been fully active