Cyber security aggregate rss news

Cyber security aggregator - feeds history

Urgent: Patch Your H ... (Firewall Daily)

Interpol404, a threat actor (TA), is selling exploit code for a critical security vulnerability (CVE-2023-46359) on the Nuovo BreachForums. The TA has set a price tag of $200 for this vulnerability. Written in Python, the exploit weaponizes the OS command injection vulnerability CVE-2023-46359, allowing unauthenticated attackers to take full control of the affected system. Additionally, CVE-2023-46359 allows cybercriminals to remotely execute arbitrary commands on the targeted system. This potentially compromises its functionality, endangering connected devices.

More About CVE-2023-46359

This vulnerability, CVE-2023-46359, has been discovered in the Hardy Barth cPH2 Wallbox, a widely used electric vehicle charging station. The exploit code is reportedly accompanied by a screenshot showcasing its usage, syntax, and argument details. As the exploit code is unencrypted, anyone with access to the forum post can potentially analyze and modify the code for malicious purposes, which raises concern.

Implications of Vulnerability CVE-2023-46359

Exploiting CVE-2023-46359 could have severe consequences. Attackers could potentially:

• Disrupt charging operations: By executing arbitrary commands, attackers could manipulate the Wallbox's functionality, potentially disrupting charging operations or even damaging connected electric vehicles.
• Launch further cyberattacks: Gaining access to the Wallbox could provide a foothold within a network, allowing attackers to launch further attacks on other connected devices.
• Steal sensitive data: The Wallbox might store sensitive information such as user credentials or billing details. A successful cyberattack could compromise this data.

Recent discoveries like "Linguistic Lumberjack" (CVE-2024-4323) in Fluent Bit and the "TunnelVision" vulnerability within VPNs demonstrate the widespread presence of exploitable weaknesses. Additionally, the high alert issued by the Australian Cyber Security Centre (ACSC) for vulnerabilities in Check Point Gateways (CVE-2024-24919) underlines the critical need for strong cybersecurity measures.

Steps for Mitigating These Risks

Here are some essential steps to help mitigate the risks related to CVE-2023-46359. By following these guidelines, users can lessen the likelihood of their Hardy Barth cPH2 Wallbox being compromised through this vulnerability.

• Monitor security updates: Stay up to date on the newest security risks and updates from Hardy Barth and other relevant cybersecurity agencies.
• Disable remote access (if applicable): If the Wallbox includes remote access functionality, consider turning it off unless absolutely necessary. This minimizes the attack surface for potential exploits.
• Patch systems immediately: Hardy Barth should issue a patch to remedy this vulnerability as soon as practicable. Users are encouraged to apply the patch as soon as it is released.
• Maintain strong passwords: Use strong and unique passwords for all accounts associated with the Wallbox.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Beware! New Android ... (Firewall Daily)

Dark web actors are advertising a new Android Remote Access Trojan called Viper RAT that targets Android devices. The threat actor, which goes by the same name, has asserted that this malicious tool has a plethora of capabilities. On May 31, 2024, information about the advertising of a brand-new Android Remote Access Trojan (RAT) called "VIPER RAT" on the CrackingX and OnniForums forums became public. According to the post, the Viper RAT can be rented for a mere $499, with the capacity to target and penetrate devices based on Android operating systems.

Android Remote Trojan Viper RAT Advertised on Dark Web Forums

A multi-grabber for credentials, emails, 2FA codes, wallets, and keys is one of the features offered, along with keylogging capabilities. Additionally, this Android Remote Trojan Viper RAT offers more than 600 world-wide injections, phone unlocking, VNC control, and audio and video recording capabilities to aid with phishing redirection. To add a degree of credibility, the threat actor provides a dedicated website, viperrat[.]com (domain registered on May 17, 2024), and a Telegram account for orders. The unnervingly low cost of the Viper RAT suggests that its release was motivated by malevolence. The efficacy of this tool is demonstrated by the two demonstration videos that the threat actor has uploaded on the main website.

The Viper RAT has previously made an appearance in the world of cybercrime. The author made the initial introduction on CrackingX on May 8, 2024, and updated the features on May 31, 2024. The threat actor's overt endorsement of the Viper RAT highlights how serious the risks are for Android users everywhere.

Advanced Features, Capabilities, and Pricing

The threat actor's pitch on underground forums paints a grim picture of the Viper RAT's capabilities. Promising "Viper Android Rat Hidden Screen Control Unlock Phone | Grab VE 2FA ★Crypto," the actor markets it as the "Best Android Remote Control," with a reminder that "The only secure phone is that powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards." The pricing tiers begin at $499, and customized versions can be ordered. The threat actor highlights that installation support is given without charge, but there are no trial offers. Only cryptocurrency can be used as a form of payment, further obscuring the illegal activity.

Among the features listed by the threat actor, Viper RAT has a set of further functions specifically designed to target Android devices regardless of the hardware they run on. Its features range from live keylogging and phishing redirection to multi-grabber features and seamless screen control. The Viper RAT also offers many more features, such as smooth hidden VNC control, screen capture, unlocking of PIN and pattern locks, controller support for APKs up to version 14, and much more. These features give the threat actor unparalleled access to personal information, enabling them to act destructively and surreptitiously.

Belarusian Governmen ... (Cybersecurity News)

Cyble Research and Intelligence Labs (CRIL) researchers have observed a new sophisticated phishing campaign from the Belarusian government-linked threat actor "UNC1151" targeting the Ukraine Ministry of Defense to facilitate covert espionage operations. UNC1151 has previously been linked to large-scale, long-running influence campaigns that align with Russia's geopolitical interests and anti-NATO narratives.

UNC1151 Targets Ukraine Ministry of Defense With Phishing Lures

Researchers from Mandiant had earlier tracked the group's operations, active since at least 2017, as the "Ghostwriter Operation/UNC1151." The researchers concluded that the campaign was aimed at spreading pro-Russian narratives and disinformation to targeted audiences in Ukraine, Lithuania, Latvia and Poland. Recently, CRIL researchers discovered a new campaign from the Belarusian group targeting the Ukrainian and Polish governments, with a primary focus on the Ukrainian Ministry of Defense and the Ukrainian military, using socially engineered malicious Excel worksheet (XLS) files, since at least April 2024.

[Image: 2024 Phishing Lure Targeting Ukraine's Ministry of Defense (Source: Cyble Blog)]

These files, purporting to be official documents, are distributed to victims through spam emails. Once the spreadsheet is opened, an "Enable Content" button attempts to direct victims into inadvertently initiating the execution of an embedded VBA (Visual Basic for Applications) macro.

[Image: Source: Cyble Blog]

This malicious macro drops a shortcut file (LNK) and a malicious DLL (dynamic-link library) file on the victim's system. Execution of the LNK shortcut file then launches the DLL through the operating system's built-in Rundll32.exe (commonly abused to load malicious DLLs), with the DLL leading to the infection of the system through the use of hidden and encrypted, seemingly innocuous ".svg" image files.

The researchers observed a hidden DLL file upon decrypting these .svg image files, concluding that it likely leads to the final payload, citing a Talos Intelligence study of the group's campaign last year in which researchers observed the use of ".jpg" image files to deliver payloads. However, CRIL researchers were unable to retrieve the final encrypted payloads from these .svg files, suggesting improved obfuscation practices. They suspect that the final payload potentially includes the same malware, such as njRAT, AgentTesla, and Cobalt Strike, that was present in the encrypted .jpg image files observed in the previous campaign. The researchers believe the payload aims at exfiltrating information from infected systems in addition to establishing unauthorized remote control over them.

Previous UNC1151 Campaign and Advancements

Inspection of the lure documents in the recent phishing campaign led the researchers to suspect that it primarily targeted the Ukraine Ministry of Defense. The researchers highlighted the similarities and differences between the recent campaign and an earlier campaign last year targeting the Ukrainian and Polish governments, along with their military and civilians. The 2023 campaign similarly used Excel and PowerPoint files to trick users into running hidden macro code, which led to the loading of malicious .LNK shortcut files and DLL files on the infected system.

[Image: Campaign Differences (Source: Cyble Blog)]

However, the newer campaign employed different phishing lures, such as images of drones, and the document purports to be from the Ukrainian Ministry of Defense. While the encrypted .jpg image files in the previous campaign directly concealed an .EXE file, the new campaign's .svg image files instead concealed an additional malicious DLL file. This DLL file is written to the system's temporary directory (%Temp%) and run through the legitimate Rundll32.exe present on the Windows operating system. The researchers cite these variances as an example of the group's evolving tactics, with a sustained effort to compromise Ukrainian targets for strategic gain.

The researchers recommend the use of email filtering systems, verification of the identity of email senders, limiting the execution of scripting languages, network-level monitoring, and regular backup of important data.

Tech in Asia Hit by ... (Cybersecurity News)

Singapore and Jakarta-based news website Tech in Asia has reportedly suffered a massive data breach. The alleged "Tech in Asia Data Breach" seems to have affected a massive userbase of 230,000 users. The leaked data allegedly contains sensitive user information, which has raised concerns about potential identity theft and targeted attacks.

Understanding the Tech in Asia Data Breach: What Data Was Leaked?

Tech in Asia is headquartered in Singapore, and the news website covers topics on startups and innovation in Asia. It was founded in August 2010. Threat Actor (TA) Sanggiero has claimed responsibility for the Tech in Asia Data Breach. The TA has allegedly published the leaked data on the popular hacking forum Breach Forums. The leaked data allegedly contains a significant amount of information pertaining to 230,000 users. Sanggiero also claimed that the sensitive information was breached in June 2024. According to the TA, the following data has been exposed:

• User ID: Each of the 230,000 users has a unique ID assigned within the Tech in Asia platform.
• Tech in Asia ID: This ID is potentially an internal identity specifically associated with the news platform.
• Email Address: This is the crucial sensitive information that users have submitted to the organization, which the website uses to communicate with them as well as to verify their credentials.
• User Roles: The information that could be exposed includes the permission or access level granted to a user within the platform. Examples include subscriber, writer or editor.
• Full Name: This includes sensitive information like both the first and last name of the user.
• Display Name: This is the name chosen by the user to be displayed publicly on the Tech in Asia website, which may or may not be the actual name.
• Registration Date: This is the date on which the user created his or her account on the news platform.
• Avatar URL: The avatar is the web address of the user's profile picture on Tech in Asia.
• Author URL: This could potentially be a link to the user's home page or portfolio on which he or she publishes articles within the Tech in Asia platform.

Exploiting Vulnerabilities: How Did the Tech in Asia Data Breach Occur?

Threat Actor Sanggiero has claimed that he hacked the website and gained access to this large database by exploiting vulnerabilities within Tech in Asia's API (Application Programming Interface). An API is a software intermediary that allows two software applications to communicate with each other. Vulnerabilities within Tech in Asia's API could have allowed the hacker to gain unauthorized access to the data of 200,000+ users. The TA in fact identified other bugs that allowed him to gain access to the website's internal services.

What Should Affected Users Do?

These types of data breaches have become common across the globe. While it is currently unclear how the TA intends to use the stolen data, Tech in Asia users must take the following precautionary steps:

• Change password: Users must immediately change their password on the Tech in Asia platform, as well as on any other accounts that use the same login credentials.
• Beware of phishing attempts: Now that the hacker has revealed that the email IDs have been leaked, users must be wary of targeted phishing attacks. They should not act on any emails that request them to share personal information or that contain suspicious links.
• Monitor accounts: Users must also stay alert for unusual activity on their accounts on the news website or on any accounts linked with the leaked email addresses.

Tech in Asia Response Awaited

At the time of publishing this article, Tech in Asia has yet to release an official statement regarding the data breach. However, it is expected that they will soon address the data breach and outline steps for users to safeguard their data, as well as the efforts taken to prevent future data breaches. The article will be updated as the organization updates its response.

Australian Governmen ... (Firewall Daily)

Australian Treasurer Jim Chalmers has mandated that several Chinese-linked investors divest their shares in Northern Minerals, a rare earth miner. The directive, grounded in foreign investment laws, requires the sale of these stakes due to concerns over national security linked to a Northern Minerals cyberattack incident. The move comes at a time when the mining sector is increasingly seen as strategic, particularly in light of recent developments surrounding the Browns Range heavy rare earths project in Western Australia.

Northern Minerals is at the forefront of developing this crucial project, which has gained attention for its potential role in the green energy and defense sectors. The Browns Range mine is positioned to be a supplier for Iluka Resources' Eneabba rare earth refinery, a project backed by substantial Australian government funding. However, the spotlight on Northern Minerals has also made it a target for cyberattacks, which has now gained urgency following a data breach claimed by the BianLian ransomware group.

Decoding the Northern Minerals Cyberattack Claims

[Image: Source: Dark Web]

The cyberattack on Northern Minerals has raised questions not only for the organization but also for stakeholders and investors, as many businesses and individuals have invested heavily in these mining projects. Prior to the current situation, Northern Minerals discovered a data breach incident in late March that compromised a range of sensitive data, including corporate, operational, and financial information, as well as details about current and former personnel and shareholders. Despite the severity of the breach, Northern Minerals reported that its operations and broader systems remained largely unaffected. However, the BianLian group has leaked data it says was compromised in the attack, including operational, strategic, R&D, financial, and employee information, along with executive emails and phone numbers.

Treasurer Jim Chalmers' directive to Chinese-linked investors, including Yuxiao Fund, to sell their stakes in Northern Minerals is a significant move to safeguard Australia's national interests. The Foreign Investment Review Board advised this action to ensure compliance with Australia's foreign investment framework. The decision affects not only Yuxiao Fund but also other foreign shareholders, who have been given 60 days to dispose of their shares. Yuxiao Fund, a Singapore-registered private investment vehicle of Chinese national Wu Yuxiao, had previously been restricted from increasing its stake in Northern Minerals. The Australian government's insistence on these divestitures reflects a broader strategy to reduce dependency on foreign entities, particularly those linked to China, in the critical minerals sector.

Strategic Implications of the Cyberattack on the Mining Industry

The cyberattack on Northern Minerals highlights the broader vulnerabilities within the critically important mining industry, which is becoming an increasingly attractive target for cybercriminals. The attack on Northern Minerals, along with similar incidents like the one involving Rio Tinto in 2023, illustrates the critical need for enhanced cybersecurity protocols across the sector. These attacks not only threaten the operational integrity of mining companies but also pose significant risks to national security, given the strategic importance of rare earth elements. As the mining sector becomes increasingly vital to global supply chains, particularly for green energy technologies and defense applications, it is imperative to protect these resources from cyber threats.

The suspected involvement of the hacker group BianLian in the Northern Minerals cyberattack has further intensified concerns. The group claims to have stolen extensive data, including corporate email archives and shareholder information, which was then posted on the dark web. Australia's proactive stance in managing foreign investment in its critical minerals sector, coupled with its efforts to mitigate cyber threats, sets an example for other nations facing similar challenges. By prioritizing national security and strengthening cybersecurity, Australia aims to ensure the sustainable and secure development of its strategic mineral resources.

The cyberattack on Northern Minerals and the subsequent divestment orders by the Australian government highlight the intertwined nature of cybersecurity and national security in the mining industry. As cyber threats continue to evolve, so too must the strategies to defend against them, ensuring the resilience and security of critical industries worldwide.

Microsoft India X Ac ... (Firewall Daily)

The official Microsoft India X account (X was formerly known as Twitter) has been hacked by cryptocurrency scammers. With over 211.3k followers and a gold verification tick, the Microsoft India X account became a prime target for scammers, as it offers the hijackers a legitimate platform for their fraudulent activities.

The hacked Microsoft India X account was rebranded under the name Roaring Kitty. On accessing the account, its description read: "A method for hunting stocks and pouncing on investment opportunities. Live streams on Mon/Wed/Fri from 7-10 pm ET. For educational purposes only."

Microsoft India X Account Hacked

The scammers used the hacked Microsoft India X account to reply to tweets, directing users to a fake website, presaIe-roaringkitty[.]com. This site falsely claimed to offer a chance to buy GameStop (GME) crypto in a presale; in reality, it was set up to steal assets from anyone who connected their cryptocurrency wallets and approved transactions.

[Image: Source: X]

[Image: Microsoft India X Account Hacked]

Although these posts have been removed, the hackers continue to repost content from their own account onto the Microsoft India X account, which has not yet been restored. The Cyber Express Team has reached out to Microsoft India for more information, but as of writing this news report, there has been no response.

Hijacking Verified X Accounts: A Trend

The hijacking of the Microsoft India X account is not a new kind of incident; in fact, it is part of a worrying trend in which verified X accounts are targeted by scammers. Previously, the U.S. Securities and Exchange Commission (SEC) confirmed that its verified X account was hacked due to a SIM-swapping attack on the phone number linked to the account. Similarly, the official X accounts of tech giant Netgear and Hyundai MEA (Middle East & Africa) were also hacked, spreading malware to steal from cryptocurrency wallets. These accounts had over 160,000 followers combined. Other high-profile breaches include accounts of well-known entities and individuals like the cybersecurity firm Mandiant, Ethereum co-founder Vitalik Buterin, and Donald Trump Jr.

Most of these hacks are linked to Bitcoin scams, highlighting a troubling pattern in the digital world. These compromised accounts endanger their followers and pose a significant security risk to X's 528 million users. The big question is why trusted X accounts are being used for Bitcoin scams, and what this means for online security and digital currency. There may be a few reasons for this trend. First, accounts with many followers and verified status seem more credible, making it easier for scammers to trick people. Second, the sophisticated nature of these attacks, like SIM-swapping and social engineering, shows weaknesses in current security measures. Lastly, the growing popularity of cryptocurrency makes it an attractive target for cybercriminals.

Therefore, social media platforms like X must improve security, including stronger authentication methods to prevent unauthorized access. This might involve multi-factor authentication and educating users about phishing and other cyber threats. For the cryptocurrency market, these incidents highlight the need for better security and regulations. As digital currencies become more common, ensuring safe transactions and protecting users from scams is crucial. This might involve developing more secure wallet solutions and making transactions more transparent.

The hacking of the Microsoft India X account is a clear reminder of the growing threat of cybercrime. It shows the need for constant vigilance and adaptation to new scams. Users, companies, and regulators must work together to protect the digital world and ensure that trust and security are prioritized. As we wait for more updates on the Microsoft India account, everyone in the cybersecurity community and beyond should stay alert, learn from these incidents, and strengthen their defenses against future cyberattacks. The fight against cybercrime is ongoing, and only by working together can we make the digital space safer for everyone.

The Threat of Espion ... (Cybersecurity News)

Security companies have historically focused on espionage incidents related to Windows systems. This has led them to overlook similar threats on Linux platforms, even though attacks on Linux servers are increasing with each passing day. As valuable data in sectors such as scientific research, technology and education is often hosted on Linux systems, heightened security measures to safeguard them are becoming a critical need.

Researchers at QiAnXin Threat Intelligence Center have been monitoring Linux server attacks by unknown threat groups in a campaign called "Operation Veles." Of these, groups like UTG-Q-008 and UTG-Q-009 have caused significant damage, the researchers said.

Threat Group Successfully Targets Linux Systems

UTG-Q-008 specifically targets Linux systems, using a vast botnet network for espionage in the research and education sectors. This group displays remarkable strength and endurance, with domain names active for more than ten years and sophisticated attack methods. The targets of UTG-Q-008 include over 5,000 network segments totaling more than 17 million IP addresses, mainly from the CN CER (China Education and Research) network. They also focus on advanced biological genetics and RNA immunotherapy research in China and the United States.

UTG-Q-008 has access to abundant network resources, using new servers for each operation to execute attacks in a four-hour window beginning at midnight. These attacks involve short-lived shells, making traditional indicators of compromise ineffective. The group uses distributed SYN scans to identify open ports and conducts brute-force attempts to crack root passwords of various servers, including research servers, with minimal detection. Many organizations have moved away from using default SSH ports on their Linux servers situated at the network perimeter. As a result, the initial action by UTG-Q-008 involves leveraging the extensive network capabilities of botnets to execute distributed SYN scans. The researchers further detailed that they measured the frequency of SYN scans per individual IP address, estimating an average of 25-35 scans per second.

Emergence of Botnets in Linux Server Domains

The botnet resources are concentrated in China and the United States and include web servers, monitoring systems, and botnet nodes like Perlbot and Mirai, utilized for reconnaissance, brute-forcing, vulnerability exploitation, and Trojan delivery. The involvement of botnets in espionage activities is not uncommon, the researchers said; it is the extent of their participation that matters. For example, in 2024, the Moobot botnet provided network proxies to APT28 for spear-phishing email delivery. In 2019, Lazarus utilized the TrickBot botnet to distribute exclusive malware for attack activities. However, based on a year-long analysis of UTG-Q-008, researchers believe that the botnet behind this threat group is directly involved in espionage activities, based on its technical capabilities.

Linux Threat Group Achieves 'Impressive Results'

In their long-term engagement, researchers for the first time observed targeted attacks in which a botnet was directly involved in espionage. The scale and quality of the affected entities has been impressive. In previous APT cases, achieving such "impressive results" in the Linux server domain would not have been possible without a few 0-day vulnerabilities, the researchers said. UTG-Q-008's tools are stored on springboard servers in tar format, with the primary payload being Nanobot, similar to Perlbot. The group employs internal network scanners and lateral movement tools to compromise servers within internal networks. UTG-Q-008 deploys espionage plugins to collect sensitive data and installs the "xmrig" cryptocurrency miner on compromised servers to conceal its activities after gaining initial access. The group operates primarily during standard working hours but has also been observed engaging in late-night activity, suggesting it may be located in Eastern Europe.

While UTG-Q-006 targets Windows devices, there is some overlap in operations and shared activity with UTG-Q-008, but the exact relationship between the groups is unclear. The emergence of UTG-Q-008 as a sophisticated threat that targets Linux-based systems shows the importance of enhancing security measures to protect critical research and development sectors from espionage activities. Strengthening defenses against such threats is essential to safeguard national technological advancements.

Researcher Finds Vul ... (Cybersecurity News)

A security researcher discovered an exploitable timing leak in the Kyber key encapsulation mechanism (KEM), which is in the process of being adopted by NIST as a post-quantum cryptographic standard. Antoon Purnal of PQShield detailed his findings in a blog post and on social media, and noted that the problem has been fixed with the help of the Kyber team. The issue was found in the reference implementation of the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), the form of Kyber being standardized as NIST's post-quantum key encapsulation standard.

Clang Compiler Introduces Side-Channel Vulnerability

"A key part of implementation security is resistance against side-channel attacks, which exploit the physical side-effects of cryptographic computations to infer sensitive information," Purnal wrote. To secure against side-channel attacks, cryptographic algorithms must be implemented in a way so that "no attacker-observable effect of their execution depends on the secrets they process," he wrote. In the ML-KEM reference implementation, "we're concerned with a particular side channel that's observable in almost all cryptographic deployment scenarios: time."

The vulnerability can occur when a compiler optimizes the code, in the process silently undoing "measures taken by the skilled implementer." In Purnal's analysis, the Clang compiler was found to emit a secret-dependent branch in the poly_frommsg function of the ML-KEM reference code, a function used in both key encapsulation and decapsulation and corresponding to the expand_secure implementation. "In decapsulation, poly_frommsg is used once. The whole decapsulation takes more than 100K cycles. Surely the timing difference produced by this one branch is too small to matter?" Purnal asked rhetorically. "...sophisticated local attackers can perform high-resolution cache attacks, target the branch predictor to learn which branches are taken, or slow down the library to amplify the timing difference," he answered. "So the prudent approach is to patch." Measuring the time it takes for a complete decapsulation "is enough for an attacker to piece together the key," he said. Purnal published a demo on GitHub called "clangover" showing the role of the timing vulnerability in the recovery of an ML-KEM 512 secret encryption key. "The demo terminates successfully in less than 10 minutes on the author's laptop," he wrote.

A Critical Post-Quantum Key Vulnerability

Purnal noted that while not all compilers, options and platforms are affected, "if a given binary is affected, the security impact may be critical. Therefore, the conservative approach is to take this issue seriously, and look out for patches from your cryptography provider." The reference implementation was patched by implementing the relevant conditional move as a function in a separate file. "This change prevents Clang from recognizing the binary nature of the condition flag, and hence from applying the optimization," he said. "It's important to note that this does not rule out the possibility that other libraries, which are based on the reference implementation but do not use the poly_frommsg function verbatim, may be vulnerable – either now or in the future," he concluded.
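To make the pattern concrete, here is an added example (not the ML-KEM reference code and not Purnal's demo) of the message-to-polynomial step in the style the text describes: each message bit is expanded into an all-zeros or all-ones mask, and the mask selects between 0 and (q+1)/2 with an AND rather than an if. Whether a compiler keeps that as arithmetic or rewrites it into a branch on the secret bit is exactly the issue. The second variant passes the mask through an inline-asm value barrier; that is an assumed, GCC/Clang-specific alternative mitigation, not the separate-file conditional move the reference implementation adopted. The constants q = 3329 and the 32-byte message size are Kyber's; the message bytes below are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define KYBER_Q        3329
#define KYBER_N        256
#define KYBER_SYMBYTES 32

/* Opaque value barrier (assumption: GCC/Clang inline asm). The empty asm
 * claims to modify v, so the optimizer can no longer prove that the mask is
 * "either 0 or -1" and turn the AND below into a secret-dependent branch. */
static inline int16_t value_barrier_s16(int16_t v)
{
    __asm__ volatile("" : "+r"(v));
    return v;
}

/* Reference-style expansion: bit b of the message becomes the coefficient
 * b * (q+1)/2 = 0 or 1665, computed with a mask instead of an if. This is
 * the arithmetic Clang was observed to rewrite into a branch on the bit. */
void poly_frommsg_masked(int16_t r[KYBER_N], const uint8_t msg[KYBER_SYMBYTES])
{
    for (size_t i = 0; i < KYBER_SYMBYTES; i++) {
        for (size_t j = 0; j < 8; j++) {
            int16_t mask = -(int16_t)((msg[i] >> j) & 1);   /* 0x0000 or 0xFFFF */
            r[8 * i + j] = mask & (int16_t)((KYBER_Q + 1) / 2);
        }
    }
}

/* Same computation, with the mask laundered through the barrier. */
void poly_frommsg_barrier(int16_t r[KYBER_N], const uint8_t msg[KYBER_SYMBYTES])
{
    for (size_t i = 0; i < KYBER_SYMBYTES; i++) {
        for (size_t j = 0; j < 8; j++) {
            int16_t mask = value_barrier_s16(-(int16_t)((msg[i] >> j) & 1));
            r[8 * i + j] = mask & (int16_t)((KYBER_Q + 1) / 2);
        }
    }
}

/* Number of coefficients equal to (q+1)/2; must equal the message popcount. */
int count_half_q(const int16_t r[KYBER_N])
{
    int n = 0;
    for (size_t k = 0; k < KYBER_N; k++)
        n += (r[k] == (KYBER_Q + 1) / 2);
    return n;
}

/* Functional check: both variants agree coefficient for coefficient. */
int frommsg_variants_agree(const uint8_t msg[KYBER_SYMBYTES])
{
    int16_t a[KYBER_N], b[KYBER_N];
    poly_frommsg_masked(a, msg);
    poly_frommsg_barrier(b, msg);
    for (size_t k = 0; k < KYBER_N; k++)
        if (a[k] != b[k]) return 0;
    return 1;
}

int frommsg_half_q_count(const uint8_t msg[KYBER_SYMBYTES])
{
    int16_t r[KYBER_N];
    poly_frommsg_barrier(r, msg);
    return count_half_q(r);
}

int16_t frommsg_coeff(const uint8_t msg[KYBER_SYMBYTES], size_t k)
{
    int16_t r[KYBER_N];
    poly_frommsg_barrier(r, msg);
    return r[k];
}

int main(void)
{
    /* Constructed message: 0x01 0x80 then zeros -> exactly two set bits,
     * so coefficients r[0] and r[15] are 1665 and all others are 0. */
    uint8_t msg[KYBER_SYMBYTES] = { 0x01, 0x80 };
    printf("variants agree=%d set=%d r[0]=%d r[15]=%d\n",
           frommsg_variants_agree(msg), frommsg_half_q_count(msg),
           frommsg_coeff(msg, 0), frommsg_coeff(msg, 15));
    return 0;
}
```

The two functions are functionally identical, which is the point: a functional test cannot tell them apart. The difference is only visible in the emitted machine code, so the practical check after a compiler or flag change is to inspect the disassembly of the bit-selection loop (or run a tool such as Purnal's clangover demo) for a conditional jump that depends on the message bit.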

image for Over 168 Million Rec ...

 Firewall Daily

A threat actor has claimed to be selling Iran's Hajj and Pilgrimage Organization's database on a hacking forum. The database is claimed to hold over 168 million records, including sensitive information such as full names, dates of birth, ID numbers, passport scans, financial information, and the source code for Hajj-related apps and services. The Hajj and Pilgrimage Organization is an independent state body that works with Iran's Ministry of Culture and Islamic Guidance. It organizes and monitors pilgrimage tours to Hajj, Umrah, and numerous locations in Iraq and Syria. The data, supposedly collected between 1984 and 2024, is said to be 1.25 terabytes (TB) in size. The threat actor announced on the forum, "More than 168 million database records (during the years 1984 to 2024) are ready for sale."

Claimed Hajj and Pilgrimage Organization data includes:
• Passport scans and photos of travelers
• Travel flight information
• Travel insurance details
• Security deposit documents
• Banking and payment information
• Information about pilgrimage brokers
• Accommodation status of travelers
• Details of government officials
• Allocated quotas for special groups like martyr families
• Information on NAJA forces, Basij forces, and clerics (Mullahs)
• Source code for Hajj apps and services

(Image source: X)

Implications of Hajj and Pilgrimage Organization Data Breach

If the claim of a Hajj and Pilgrimage Organization data breach is real, the implications might be far-reaching, perhaps touching millions of people. The disclosure of such broad and sensitive information might result in identity theft, financial loss, and major privacy violations for millions of individuals. Additionally, the exposure of the source code for Hajj-related apps and services could potentially compromise the security and functionality of these essential tools. Despite the seriousness of the claimed Hajj and Pilgrimage Organization data breach, the official website appears to be operating normally, as no signs of foul play were seen upon accessing the site. The Cyber Express Team contacted the Hajj and Pilgrimage Organization to verify the allegations. However, no response has been received as of this time, leaving the threat actor's assertions unconfirmed.

Amid the Israel-Iran conflict, the Middle East is experiencing another kind of threat: cyber warfare. Jordan finds itself at the center of this conflict, facing a series of claimed cyberattacks carried out by various hacktivist groups, among which BlackMaskers Team has emerged as a significant danger. The group claimed responsibility for various cyberattacks on Jordan that targeted critical Jordanian entities, from the stock exchange to private sector businesses. These cyberattacks are purportedly in response to Jordan's backing of Israel against Iran in the continuing conflict. The Cyber Express team will continue to actively follow the situation. We will give updates if new information becomes available, such as official confirmations or rejections from the Hajj and Pilgrimage Organization or other relevant agencies. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for European Center for  ...

 Cybersecurity News

noyb (None of Your Business), also known as the European Center for Digital Rights, has filed two complaints under Article 77 of the GDPR against Microsoft, claiming the tech giant violated the privacy rights of school children with its Microsoft 365 Education offering to educational institutions. noyb believes that Microsoft attempted to shift the responsibility and privacy expectations of the GDPR's principles onto the institutions through its contracts, but stated that these organizations had no reasonable means of complying with such requests as they did not maintain control over the collected data.

Shifting Privacy Expectations from Big Tech to Local Schools

The non-profit stated that as schools and educational institutions within the European Union increasingly relied on digital services during the pandemic, big tech companies capitalized on this trend to try to create a new generation of loyal customers. While welcoming the modernization of education, noyb believes that Microsoft has violated several data protection rights while providing educational institutions with access to Microsoft's 365 Education services, leaving students, parents and the institutes themselves with little choice. noyb expressed concern over the market power of software vendors such as Microsoft, which enables them to dictate the terms and conditions of their contracts with schools. This power, the organization alleges, has allowed tech providers to shift the majority of legal responsibilities under the General Data Protection Regulation (GDPR) onto local authorities and educational institutions. noyb states that in reality, neither schools nor local authorities have the ability to influence how Microsoft processes user data. Instead, they often face a "take-it-or-leave-it" situation, where all decision-making power and profits lie with Microsoft, while the risks are expected to be borne by the schools. "This take-it-or-leave-it approach by software vendors such as Microsoft is shifting all GDPR responsibilities to schools," said Maartje de Graaf, a data protection lawyer at noyb. "Microsoft holds all the key information about data processing in its software, but is pointing the finger at schools when it comes to exercising rights. Schools have no way of complying with the transparency and information obligations."

noyb Believes Countless Children Affected by 'Secret Tracking'

noyb said that students and educational institutions faced a serious lack of transparency in the privacy documentation surrounding the usage of Microsoft's 365 Education services. Instead, students and institutes interested in how their data is used were forced to navigate a maze of privacy policies, documents, terms, and contracts, all of which were found to provide slightly different but consistently vague information about what happens to children's data. "Microsoft provides such vague information that even a qualified lawyer can't fully understand how the company processes personal data in Microsoft 365 Education," said de Graaf. "It is almost impossible for children or their parents to uncover the extent of Microsoft's data collection."

European Center for Digital Rights Files Two Complaints

The alleged violations of information privacy laws led to noyb representing two complainants against Microsoft. The first complaint cites the case of a father who made requests under the GDPR to obtain the personal data collected by Microsoft's 365 Education service on behalf of his daughter. Microsoft redirected the parent to the "data controller"; after checking with Microsoft whether the school was the data controller, the parent reached out to the school, which replied that it only had access to the student's e-mail address used for sign-up. In the second complaint, an individual reported that despite not granting consent to cookie or tracking technologies, Microsoft 365 Education had installed cookies analyzing user behavior and collecting browser data, both of which are used for advertising purposes, according to Microsoft's own documentation. This type of invasive profiling was being carried out without the school's knowledge or consent, the non-profit stated. "Our analysis of the data flows is very worrying," said Felix Mikolasch, a data protection lawyer at noyb. "Microsoft 365 Education appears to track users regardless of their age. This practice is likely to affect hundreds of thousands of pupils and students in the EU and EEA. Authorities should finally step up and effectively enforce the rights of minors." noyb has requested that the Austrian data protection authority (DSB) investigate and analyze the data being collected and processed by Microsoft 365 Education, as neither Microsoft's own privacy documentation, the complainant's requests for access, nor the non-profit's own research could clarify this processing, which it believes violates the transparency provisions mandated by the GDPR. noyb also believes that the authority should impose an additional fine on Microsoft, as it believes the company failed to comply with the right of access, and that all children living in the EU/EEA countries were affected, given the uniformity of Microsoft 365 Education's terms and conditions and privacy documentation across the region.

image for State-Sponsored Hack ...

 Cyber Essentials

A recent series of cyberattacks observed on the British Columbia government networks from state hackers may have compromised the personal information of its employees, authorities said. Shannon Salter, head of the B.C. Public Service, on Monday provided an update on the ongoing cyber investigation. She disclosed that the hackers who attacked government networks in April "may have" accessed 22 e-mail inboxes of provincial employees. A few of these inboxes contained sensitive personal information on 19 individuals, primarily consisting of employee personnel files. Salter confirmed that individuals potentially impacted by the breach have been notified. As a precaution, they will be offered credit monitoring and identity protection services. Despite the potential access, there has been no identified misuse of the information and no evidence that specific files were accessed by the threat actor. The investigation so far has not found the hackers accessing any sensitive information collected by the government in the delivery of public services. Additionally, officials clarified that the cyberattack was not a ransomware attack and appears to have been carried out by a state or state-sponsored actor. Public Safety Minister Mike Farnworth reiterated Salter's comments and told reporters in a press briefing: "At this time, we have no indication that the general public's information was accessed." Farnworth did not reveal which ministry's employee e-mails were accessed by the hackers but said no cabinet members were affected as "these were [only] employee files."

British Columbia Cyberattacks Timeline

Initial detection and investigation
- April 10: The B.C. government detected a potential cyberattack.
- April 11: Government security experts confirmed the cyberattack after initiating an investigation.

Federal involvement and expert consultation
- The incident was reported to the Canadian Centre for Cyber Security, which then engaged Microsoft's Diagnostics and Recovery Toolset (DaRT) due to the attack's sophistication.
- April 17: Premier David Eby was briefed on the cyberattack.

Continued threat and security measures
- April 29: Evidence of another hacking attempt by the same "threat actor" was discovered.
- Same day: provincial employees were instructed to immediately change their passwords to 14 characters. The Office of the Chief Information Officer (OCIO) described this as part of routine security updates, though it was likely linked to the cyberattack.

Third attempt and final disclosure
- May 6: Another cyberattack was identified, with the same threat actor responsible for all three incidents.
- May 8: After the B.C. NDP cabinet was briefed, the cybersecurity centre concurred that the public could be notified, leading to the public announcement of the cyberattacks.

The cyberattacks were not disclosed to the public until late evening on May 8, and were announced during an ice hockey game, leading to accusations from B.C. United MLAs that the government was trying to conceal the attack. Opposition MLA Todd Stone questioned the delay in public disclosure, asking, "How much sensitive personal information was compromised, and why did the premier wait eight days to issue a discreet statement during a Canucks game to disclose this very serious breach to British Columbians?" Salter explained at the time that the cybersecurity centre advised against immediate public disclosure to prevent other hackers from exploiting vulnerabilities in government networks. Throughout these incidents, the government emphasized that the ongoing nature of the investigation required careful management of information to ensure system security and prevent further exploits.

Is Beijing Involved?

Although the sophistication of this hacking campaign made clear that it is likely the work of state or state-sponsored hackers, authorities have remained tight-lipped and have not attributed these cyberattacks to any particular country. The latest updates in the B.C. cyberattack, however, came on the same day that the Canadian Centre for Cyber Security warned of China's increased targeting of Canadian citizens and organizations through the scale and scope of its cyber operations. The Cyber Centre said China's cyber operations surpass other nation-state cyber threats in terms of volume, sophistication, and breadth of targeting. China's cyber threat actors have targeted a wide range of sectors in Canada, including all levels of government, critical infrastructure, and the Canadian research and development sector. The Cyber Centre said government networks have been compromised multiple times by Chinese actors, who still frequently attempt reconnaissance against these networks. Government entities at all levels, including federal, provincial, territorial, municipal, and indigenous, are the prime targets of Chinese actors and should therefore be aware of the espionage risk.

image for Archi Hives Data Bre ...

 Firewall Daily

A database linked to an Indian architecture and interior design firm, Archi Hives, was allegedly compromised in a cyberattack. The Archi Hives data breach was attributed to a threat actor known as SirDump, who shared the information regarding the breach on June 2, 2024, on the nuovo BreachForums platform, disclosing sensitive details. The stolen information, a zipped file containing two CSV files, revealed a wealth of personal and organizational information. Social media handles, billing and shipping information, and nicknames were all included in the first CSV file. The second file presents a more worrisome picture of the scope of the Archi Hives database leak, containing user logins, passwords, and activation keys. Archi Hives is a well-known architecture and interior design firm founded in the early 1990s and run by individuals with experience in both fields.

Archi Hives Data Breach Claimed on Dark Web

The incident has implications not only for the company but also for the construction sector in India and the larger Asia & Pacific (APAC) region, with the leak's epicenter being its website, archihives.co.in.

(Image source: Dark Web)

To find out more about the Archi Hives data breach allegations, The Cyber Express contacted the company. However, no official comment has been received regarding the Archi Hives database leak, which leaves the claims for this cyberattack unconfirmed for now.

Cyberattacks on Interior Design Firms

Cyberattacks are a harsh reality for interior design companies, increasing the possibility of data breaches and monetary losses. Studies show that it typically takes 73 days to contain an attack, which can seriously impair operations and cause 60% of small enterprises to fail in less than six months. Each breached record can cost £15,300 to rectify, denting profits, Wealth & Finance International reported. Strong IT policies, frequent data backups, and personnel training are all components of a defense. Creating comprehensive incident response protocols and working with 24/7 cybersecurity monitoring services are crucial. Given the constantly changing nature of cyber threats, interior design firms must give top priority to implementing comprehensive cybersecurity measures to safeguard their operations in an increasingly hostile digital environment.

image for AI Threats, Cybersec ...

 Cybersecurity News

AI is a long way from maturity, but there are still offensive and defensive uses of AI technology that cybersecurity professionals should be watching, according to a presentation today at the Gartner Security & Risk Management Summit in National Harbor, Maryland. Jeremy D'Hoinne, Gartner Research VP for AI & Cybersecurity, told conference attendees that the large language models (LLMs) that have been getting so much attention are "not intelligent." He cited one example where ChatGPT was recently asked what the most severe CVE (common vulnerabilities and exposures) of 2023 was, and the chatbot's response was essentially nonsense (see screenshot).

(Screenshot: ChatGPT security prompt and response; source: Gartner)

Deepfakes Top AI Threats

Despite the lack of sophistication in LLM tools thus far, D'Hoinne noted one area where AI threats should be taken seriously: deepfakes. "Security leaders should treat deepfakes as an area of immediate focus because the attacks are real, and there is no reliable detection technology yet," D'Hoinne said. Deepfakes aren't as easy to defend against as more traditional phishing attacks that can be addressed by user training. Stronger business controls are essential, he said, such as approval over spending and finances. He recommended stronger business workflows, a security behavior and culture program, biometrics controls, and updated IT processes.

AI Speeding Up Security Patching

One potential AI security use case D'Hoinne noted is patch management. He cited data that AI assistance could cut patching time in half by prioritizing patches by threat and probability of exploit and checking and updating code, among other tasks. Other areas where GenAI security tools could help include: alert enrichment and summarization; interactive threat intelligence; attack surface and risk overview; security engineering automation; and mitigation assistance and documentation.

(Image: AI code fixes; source: Gartner)

AI Security Recommendations

"Generative AI will not save or ruin cybersecurity," D'Hoinne concluded. "How cybersecurity programs adapt to it will shape its impact." Among his recommendations to attendees was to "focus on deepfakes and social engineering as urgent problems to solve," and to "experiment with AI assistants to augment, not replace staff." And outcomes should be measured based on predefined metrics for the use case, "not ad hoc AI or productivity ones." Stay tuned to The Cyber Express for more coverage this week from the Gartner Security Summit.

image for E-mail attacks on th ...

 Business

Since last summer, both hotel owners and employees have been receiving malicious e-mails disguised as ordinary correspondence from previous or potential guests. In some cases, they appear as typical messages sent to the target hotel's public e-mail address. In others, they resemble urgent requests from Booking.com to respond to user comments the platform supposedly received. In reality, it's attackers trying to either get hold of employees' login credentials or infect hotel systems with malware.

Tricks of the trade

When targeting organizations, threat actors usually need a plausible pretext for their e-mails. In the case of hotels, devising such a pretext is relatively easy: responding to sudden customer inquiries is part and parcel of the job for hotel workers with publicly available e-mail addresses. The be-all-and-end-all for a hotel is reputation, so employees strive to resolve conflicts or fulfill requests as quickly as possible. This eagerness leads them to follow links or open attached files within these e-mails, falling prey to cybercriminals. In essence, this threat could be described as a customer-focus attack. Adding to the challenge of identifying the threat is the fact that attackers don't need to create a specific, business-appropriate e-mail address. Hotel staff routinely receive inquiries and complaints from guests using free e-mail services. So attackers use them too, with Gmail being the most common.

E-mail content

Generally, the correspondence follows one of two topics: complaints, or inquiries to clarify some details. In the first case, hotel employees receive a message from a dissatisfied guest. The complaint could be about unethical staff, double-charged bank cards, poor accommodation conditions, and so on. To back up their words, attackers may offer supporting evidence such as videos, photos, bank statements and the like.

(Image: example of a complaint regarding a conflict that allegedly occurred in a hotel)

Early this year, attackers modified their tactics. Instead of direct complaints, they started sending e-mails disguised as notifications from Booking.com, the popular online accommodation booking platform. The essence remains the same: someone supposedly left a negative review on the platform that hotel staff need to address as a matter of extreme urgency. This may seem like a different scam altogether, but the attack's goals and the e-mails' technical headers (which shed light on the mailing engine) indicate that these e-mails are part of the same campaign.

(Image: e-mail mimicking a notification from Booking.com)

In the inquiry-based e-mails, attackers pose as potential guests and request additional information about hotel services and pricing. The options are endless, with each message's subject and content almost always unique. Besides routine questions about transfers, meals, and rates, these pseudo-guests may inquire about a playroom for kids, a quiet space for remote work, or the availability of rooms with special historical or cultural significance. Here are some more examples of phishing e-mail subjects and content:

Subject: Examining Different Payment Gateways for Amusement Park Passes.
Body: What are the consequences of canceling a reservation within a few weeks of the check-in date?

Subject: Seeking clarification on making a reservation.
Body: Greetings! In case I misplace an item, what's the process for locating lost possessions during my stay?

Subject: Enquiry about booking.
Body: Hi there! Does the room have a mini-bar, and what items are included?

Subject: How to reserve a double room online without any hassle.
Body: What happens if guests arrive outside of normal check-in hours at your hotel?

Subject: Securing exclusive hotel rooms: attention to finer details.
Body: Good afternoon, I'm interested in staying at your hotel but I have some questions about the payment process. Can you assist me with that?

Subject: Room Fresh Flowers and Plants.
Body: Are there options available to request fresh flowers or plants in the guest rooms?

Subject: Laundry Facility Information.
Body: What information can you provide about the hotel's laundry facilities, including services offered and associated charges?

Subject: Booking Request for Pet-Friendly Family Room.
Body: Our family and pets are looking forward to our stay. Can you provide a room that's suitable for pets? Information on pet amenities would be valuable.

Subject: Inquiry for Rooms with Sustainable Energy Sources.
Body: Desire a room powered by sustainable energy sources to support eco-friendly living during my stay.

Subject: Request for Assistance with Wine Tasting Tours.
Body: Can you arrange wine tasting tours at local vineyards or wineries?

Subject: Dedicated Workspace in Rooms for Business Guests Inquiry.
Body: Are dedicated workspaces available in rooms for guests who need to work remotely?

Note: these are actual verbatim examples used by attackers. As you can see, on the one hand, these are all perfectly plausible questions that real hotel customers ask. On the other, the subject and body of the e-mail are not always logically connected. It's as if, in some cases, the senders pulled them from some pre-compiled database in random order.

Multi-stage correspondence with fake clients

In some cases, attackers adopt methods more common to targeted attacks: no malicious link is sent in the first or even the second e-mail. To lull the victim's vigilance, they initiate a conversation with one or more short, seemingly innocuous messages, asking questions about accommodation conditions at the hotel. For example, in the first message, an attacker posing as a potential customer claims to be planning a surprise for their wife. In the reply, the hotel employee clarifies the dates of stay and asks how the staff could assist with the surprise. Only then does the attacker send an e-mail with a link to download a malicious file, supposedly containing detailed instructions on creating a special atmosphere in the room, with a promise of generous rewards for the staff's efforts, of course.

(Image: example of an attack involving a preliminary exchange)

End goals

By and large, the cybercriminals' objective in all these cases is to obtain credentials. These can then be used in other scams or simply sold, as databases of such usernames and passwords are in high demand on the dark web. Late last year, we wrote about how compromised hotel accounts on Booking.com are being used to scam clients out of payment information. It's highly probable that the ultimate goal of the attackers in this case is to implement a similar scheme. As we wrote above, cybercriminals either lure the victim to a phishing site, or attempt to infect their computer with malware. Here's how they do it.

Malware infection

Attackers mostly use links to files with malicious content that are stored on legitimate file-sharing services. Less common are various methods of link masking, such as shortened URLs. These links can be in the e-mail body or in an attachment, for example a PDF document. In some cases, files with malicious content (such as infected Microsoft Word documents) are sent as attachments directly. If the victim follows the link and downloads the file or opens the attachment, a variety of malware may land on their device, usually including a password stealer. We've encountered threats like the XWorm backdoor and the RedLine stealer.

Phishing e-mails

In some instances, phishing links lead to pages that mimic the Booking.com login form. Other times, the phishing page looks like a form for entering corporate credentials. If attackers manage to use these to access corporate e-mail accounts, a lot of doors open to them, such as hijacking the associated Booking.com account, or contacting customers while impersonating the hotel.

(Image: phishing website mimicking the Booking.com login page)

How to defend against an attack

To safeguard your hotel staff from falling victim to these schemes and protect your business, do the following:
- Run regular security awareness training for employees. This will equip them with the knowledge to resist social engineering techniques and spot cybercriminal tricks early. For example, in the case of the Booking.com e-mail scam, this can be done with the naked eye: just pay attention to the From field. A large and reputable service like Booking.com would never send notifications from a free e-mail address. Furthermore, a website mimicking the login page may be hosted on a third-party domain that's completely unrelated to the travel platform.
- Implement protection at the e-mail gateway level. While employees might still receive pesky e-mails from scammers, phishing and malicious links along with dangerous attachments won't ever reach their inboxes.
- Install robust security solutions with anti-phishing technology on all devices used for work.
- Stay informed by reading our blog to be among the first to learn about the latest e-mail threats.
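As an added example of the From-field and link checks the advice above describes (example code, not Kaspersky's and not any gateway product's logic), the functions below take a constructed From header and a constructed link and flag the two patterns the text warns about: a brand name such as Booking.com in the display name while the real sender domain is a free webmail provider, and a "login" link whose host is not booking.com or a subdomain of it. The free-mail provider list is an assumption and should be extended for your region; the sample headers and URLs are constructed, not captured from the campaign.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Case-insensitive prefix / substring helpers (strcasestr is not portable). */
static int ci_prefix(const char *s, const char *p)
{
    for (; *p; s++, p++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*p)) return 0;
    return 1;
}

static const char *ci_strstr(const char *hay, const char *needle)
{
    for (; *hay; hay++)
        if (ci_prefix(hay, needle)) return hay;
    return NULL;
}

/* Assumed free-mail provider list; extend for the providers seen in your region. */
static const char *FREE_MAIL[] = {
    "gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "mail.ru", "proton.me", NULL
};

int is_free_mail_domain(const char *dom)
{
    for (size_t i = 0; FREE_MAIL[i]; i++)
        if (strcmp(dom, FREE_MAIL[i]) == 0) return 1;
    return 0;
}

/* Copy the lowercased domain of the *address* in a From header into out.
 * Handles  "Name" <user@host>  and bare  user@host.  The '@' is searched only
 * after '<' when present, so an '@' inside the display name cannot fool it. */
int from_domain(const char *from, char *out, size_t outlen)
{
    const char *start = strchr(from, '<');
    start = start ? start + 1 : from;
    const char *at = strchr(start, '@');
    if (!at) return 0;
    size_t n = 0;
    for (const char *p = at + 1; *p && *p != '>' && !isspace((unsigned char)*p) && n + 1 < outlen; p++)
        out[n++] = (char)tolower((unsigned char)*p);
    out[n] = '\0';
    return n > 0;
}

/* 1 when the display name mentions the brand but the sender domain is free webmail. */
int brand_from_free_mail(const char *from, const char *brand)
{
    char dom[128], disp[256];
    if (!from_domain(from, dom, sizeof dom) || !is_free_mail_domain(dom)) return 0;
    const char *lt = strchr(from, '<');
    if (!lt) return 0;                       /* bare address: no display name to impersonate with */
    size_t n = (size_t)(lt - from);
    if (n >= sizeof disp) n = sizeof disp - 1;
    memcpy(disp, from, n);
    disp[n] = '\0';
    return ci_strstr(disp, brand) != NULL;
}

/* Copy the lowercased host of an http(s) URL into out. Skips any userinfo
 * (http://booking.com@realhost/) and a trailing :port. Returns 0 if not a URL. */
int url_host(const char *url, char *out, size_t outlen)
{
    const char *p = strstr(url, "://");
    if (!p) return 0;
    p += 3;
    const char *end = p;
    while (*end && *end != '/' && *end != '?' && *end != '#') end++;
    const char *at = memchr(p, '@', (size_t)(end - p));
    if (at) p = at + 1;
    size_t n = 0;
    while (p < end && *p != ':' && n + 1 < outlen)
        out[n++] = (char)tolower((unsigned char)*p++);
    out[n] = '\0';
    return n > 0;
}

/* 1 when host equals brand_domain or is a subdomain of it (not a look-alike suffix). */
int host_under(const char *host, const char *brand_domain)
{
    size_t h = strlen(host), b = strlen(brand_domain);
    if (h < b || strcmp(host + (h - b), brand_domain) != 0) return 0;
    return h == b || host[h - b - 1] == '.';
}

/* 1 when a link dressed up as the brand's login page points outside the brand's domain. */
int login_link_off_brand(const char *url, const char *brand_domain)
{
    char host[256];
    if (!url_host(url, host, sizeof host)) return 0;
    return !host_under(host, brand_domain);
}

int main(void)
{
    /* Constructed samples in the style the article describes. */
    const char *from_bad  = "\"Booking.com Partner Support\" <partner.booking.notify@gmail.com>";
    const char *from_ok   = "Booking.com <noreply@booking.com>";
    const char *link_bad  = "https://booking.com.account-verify.example/login";
    const char *link_ok   = "https://admin.booking.com/";
    printf("from_bad=%d from_ok=%d link_bad=%d link_ok=%d\n",
           brand_from_free_mail(from_bad, "booking"), brand_from_free_mail(from_ok, "booking"),
           login_link_off_brand(link_bad, "booking.com"), login_link_off_brand(link_ok, "booking.com"));
    return 0;
}
```

The From-field check only looks at the header a human would read; a gateway should additionally verify SPF/DKIM/DMARC results for the sender domain, since a spoofed display name is the cheapest trick and a spoofed envelope the next one. The suffix test in host_under is deliberate: "booking.com.account-verify.example" and "evilbooking.com" both end in the brand string and must still be flagged.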

image for NIST Commits to Plan ...

 Feed

The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerability Database via additional funding, a third-party contract, and a partnership with CISA.

 Feed

Red Hat Security Advisory 2024-3563-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

 Feed

Red Hat Security Advisory 2024-3561-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

 Feed

Red Hat Security Advisory 2024-3560-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

 Feed

Red Hat Security Advisory 2024-3559-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

 Feed

Red Hat Security Advisory 2024-3553-03 - An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.6.0 Advanced Update Support. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-3550-03 - HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available. Issues addressed include code execution, denial of service, and password leak vulnerabilities.

 Feed

Red Hat Security Advisory 2024-3544-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized

 Feed

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have been observed in version 6 of DarkGate released in March 2024 by its developer RastaFarEye, who

 Feed

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle

 Feed

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to initiate the infection. "The attacker uses a multi-stage malware strategy to deliver the notorious 'Cobalt

 Feed

Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant. "We have not identified

 Feed

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds. "The Hellhounds group compromises organizations they select and

 Feed

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or

2024-06
Aggregator history
Tuesday, June 04