You’ve Been Breached: What Now?

May 10, 2024 at 10:06AM The focus on cybersecurity is often on prevention, but breaches are inevitable, typically due to human error. To minimize damage after a breach, security leaders should: gather identity data for containment, provide temporary accounts, enforce accountability from executive level, and implement recovery strategies like incident response planning and comprehensive cybersecurity …

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously

April 11, 2024 at 02:30PM The cloud platform’s 8-year-old version was compromised by attackers to distribute malware capable of taking over infected systems. It seems like there was a discussion in the meeting about attackers compromising an 8-year-old version of a cloud platform to distribute malware that can take over infected systems. Are there any …

Intel and Lenovo servers impacted by 6-year-old BMC flaw

April 11, 2024 at 12:52PM A 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers, overlooked by vendors like Intel and Lenovo, could lead to memory exfiltration, bypassing protection mechanisms. Binarly discovered a heap out-of-bounds read vulnerability and vendors missed the fix, leading to a massive number of vulnerable devices, with impacted models …

Malicious AI models on Hugging Face backdoor users’ machines

February 28, 2024 at 05:16PM JFrog’s security team detected around 100 malicious AI/ML models on the Hugging Face platform, potentially giving attackers persistent backdoor access to victims’ machines. Despite Hugging Face’s security measures, the models evaded detection, indicating significant security risks. JFrog urges heightened vigilance and proactive measures to protect against such threats. Based …

Malicious code in Tornado Cash governance proposal puts user funds at risk

February 27, 2024 at 09:37AM Malicious JavaScript code found in a Tornado Cash governance proposal has been leaking deposit data for 2 months, compromising fund transaction privacy and security. Security researcher Gas404 discovered the code and urged stakeholders to veto the proposals. Tornado Cash, an Ethereum mixer, uses SNARKs for anonymity, but has also been …

Ubuntu ‘command-not-found’ Tool Could Trick Users into Installing Rogue Packages

February 14, 2024 at 08:51AM Cybersecurity researchers discovered a vulnerability in the ‘command-not-found’ utility on Ubuntu systems that could allow threat actors to recommend and install their own malicious packages. The vulnerability stems from the utility’s reliance on the snap repository, potentially leading to deceptive recommendations and software supply chain attacks. Users are urged to …

Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud

February 9, 2024 at 10:39PM Over 70,000 legitimate websites have been compromised to form VexTrio, a network utilized by cybercriminals for distributing malware and conducting phishing activities. The operation has been growing in sophistication since its establishment in 2017. Check Point and Infoblox have both flagged VexTrio as a significant security threat, emphasizing its impact …

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

February 7, 2024 at 04:40AM The blog entry discusses the critical Atlassian Confluence vulnerability CVE-2023-22527, which facilitates remote code execution. Update to Confluence version 8.5.4 or 8.5.5 to address the flaw. The vulnerability’s technical breakdown, exploitation scenarios, and available security solutions are detailed, underscoring the urgency for patching and utilizing security measures. The meeting notes …

US to Roll Out Visa Restrictions on People Who Misuse Spyware to Target Journalists, Activists

February 5, 2024 at 06:06PM The Biden administration has implemented a new policy allowing visa restrictions on individuals involved in misusing commercial spyware to target journalists, activists, and marginalized communities. This action aims to address privacy and human rights concerns. Notably, the policy could affect citizens of any country and reflects growing international concerns about …

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

January 3, 2024 at 06:08AM Prisma uncovered a critical exploit within an undocumented Google OAuth endpoint, enabling attackers to hijack user sessions and maintain continuous unauthorized access to Google services. The exploit has been integrated into various malware and has continued to evolve, posing a significant threat. CloudSEK has emphasized the need for enhanced cybersecurity …