Panera Notifies Employees of Compromised Data

June 14, 2024 at 03:00PM Panera Bread has notified employees of a data breach following a “security incident” in March. The unauthorized access to internal files resulted in the theft of employees’ names, Social Security numbers, and possibly other employment-related information. Panera has offered a one-year membership to CyEx’s credit monitoring and identity theft resolution …

North Korea’s Moonstone Sleet Widens Distribution of Malicious Code

June 13, 2024 at 03:33PM A newly identified North Korean threat actor, Moonstone Sleet, is expanding its distribution of malicious npm packages to public registries, targeting the software supply chain and open source code repositories. It differentiates itself through various techniques, posing a growing risk to the open source community. Organizations are urged to implement …

Ransomware crew may have exploited Windows make-me-admin bug as a zero-day

June 12, 2024 at 06:16PM Symantec’s threat hunters suspect the Black Basta ransomware gang exploited a Windows privilege escalation bug, CVE-2024-26169, before Microsoft’s patch. Symantec’s analysis suggests the ransomware could have been compiled pre-patch, allowing “at least one group” to exploit the vulnerability as a zero-day. The ransomware gang, tracked as Storm-1811, used social engineering attacks …

Microsoft deprecates Windows DirectAccess, recommends Always On VPN

June 12, 2024 at 11:08AM Microsoft has deprecated its DirectAccess remote access solution and recommends that companies transition to ‘Always On VPN’ for increased security and ongoing support. Always On VPN, introduced as a successor to DirectAccess, supports modern VPN protocols and is more flexible, requiring users to plan and execute a migration to avoid …

Police arrest Conti and LockBit ransomware crypter specialist

June 12, 2024 at 09:47AM A 28-year-old Russian man in Kyiv was arrested for collaborating with Conti and LockBit ransomware operations, making their malware undetectable and conducting an attack himself. The arrest was part of ‘Operation Endgame’, which dismantled botnets and main operators. The man specialized in developing custom crypters to evade antivirus detection …

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

June 11, 2024 at 04:39AM Summary: This blog post analyzes the Noodle RAT backdoor, used by Chinese-speaking groups in cybercrime and espionage. It covers the backdoor’s history, capabilities for Windows and Linux, command-and-control communication, backdoor commands, similarities with Gh0st RAT and Rekoobe, and the discovery of a control panel and builder for Noodle RAT. Authors: …

SolarWinds Flaw Flagged by NATO Pen Tester

June 7, 2024 at 02:23PM SolarWinds released version 2024.2 with new features, upgrades, and security patches. This includes fixing a high-severity SWQL injection bug (CVE-2024-28996), reported by a NATO-affiliated penetration tester. Other flaws fixed are a high-severity cross-site scripting flaw (CVE-2024-29004) and a medium-severity race condition vulnerability. The update also enhances map functionality and overall stability. …

Cisco fixes WebEx flaw that allowed government, military meetings to be spied on

June 7, 2024 at 11:15AM This week, Cisco addressed critical bugs in WebEx that allowed unauthorized access to meeting information and metadata, potentially compromising security and privacy. Dutch government conference calls were exposed, along with sensitive details about high-profile officials. While Cisco has fixed the bugs and notified affected customers, investigations are ongoing, and potential …

Kali Linux 2024.2 released with 18 new tools, Y2038 changes

June 5, 2024 at 01:23PM Kali Linux has released version 2024.2, featuring eighteen new tools and fixes for the Y2038 bug. The release includes visual updates and new tools such as autorecon and gowitness. The update also addresses the Y2038 bug and introduces Gnome 46 with enhanced stability and performance. Users can upgrade or download …

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware …