Bypass Bug Revives Critical N-Day in Mitel MiCollab

December 5, 2024 at 04:31PM Two vulnerabilities in Mitel’s MiCollab platform expose enterprise data risks. CVE-2024-35286 and CVE-2024-41713 enable unauthorized access and file reading. Attackers can exploit these flaws, especially with public MiCollab devices, posing serious threats to organizational communication and data integrity. Mitel has patched some issues, but one remains unaddressed. …

‘White FAANG’ Data Export Attack: A Gold Mine for PII Threats

December 3, 2024 at 08:39AM Researchers warn that the GDPR’s data portability regulations, while promoting privacy, pose significant risks. Users can now easily export sensitive data, making it vulnerable to hackers. The risk extends to companies, as compromised personal accounts can lead to cyberattacks. Employees must separate personal and professional online activities to enhance security. …

Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package

November 20, 2024 at 04:45AM Multiple security vulnerabilities have been found in the needrestart package on Ubuntu Server, allowing local attackers to gain root privileges. Identified by Qualys, these flaws are easy to exploit, prompting users to upgrade to the latest version (3.8) or temporarily disable interpreter scanners to mitigate risks. …

Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket

October 31, 2024 at 08:37AM Sysdig researchers discovered a misconfigured S3 bucket linked to EmeraldWhale, revealing 1.5 terabytes of stolen credentials and scripts. This incident led to the exposure of 15,000 stolen credentials, highlighting significant security vulnerabilities. …

Zimbra RCE Vuln Under Attack Needs Immediate Patching

October 1, 2024 at 05:47PM Cyber attackers are actively exploiting a severe remote code execution vulnerability (CVE-2024-45519) in Zimbra’s SMTP server, allowing them to take control of vulnerable systems. Proofpoint researchers have observed attacks since Sept. 28, with attackers sending spoofed emails containing base64-encoded malicious code. Zimbra issued updates, but administrators need to apply them promptly. …

UAE, Saudi Arabia Become Plum Cyberattack Targets

October 1, 2024 at 01:09AM Cyberattackers and hacktivists are increasingly targeting the Gulf Cooperation Council (GCC) region, with a 70% rise in DDoS attacks in the first half of the year. The UAE faces an average of 50,000 cyberattacks daily, while Saudi Arabia was targeted by a China-linked group. The increase in attacks may involve …

How $20 and a lapsed domain allowed security pros to undermine internet integrity

September 11, 2024 at 07:07AM During Black Hat, watchTowr Labs researchers discovered vulnerabilities in the WHOIS protocol. They purchased an expired domain to demonstrate its potential misuse. The findings revealed that numerous organizations and government entities were still querying the expired domain, highlighting serious security concerns. The researchers also identified vulnerabilities in TLS/SSL certificate authorities, …

Ransomware Gangs Pummel Southeast Asia

September 1, 2024 at 09:03PM Ransomware attacks in Southeast Asia are on the rise, surpassing the growth rate in European nations. The shift to digital infrastructure in the region often sacrifices security, leading to an increase in successful cyberattacks. Vulnerable sectors include manufacturing, government, and healthcare, with many countries lacking breach notification laws and companies …

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

August 30, 2024 at 05:13AM Trend Micro researchers discovered an attack exploiting the CVE-2023-22527 vulnerability in older Atlassian Confluence versions, deploying an in-memory fileless backdoor called the Godzilla webshell. The backdoor, developed by “BeichenDream,” evades detection with AES encryption and remains in memory. The attack highlights the importance of regularly patching servers and using advanced security solutions. …

IRGC-Linked Hackers Package Modular Malware in Monolithic Trojan

August 20, 2024 at 05:06AM State-level Iranian APT TA453 (aka APT42) recently executed a phishing attack by posing as the research director of ISW and engaging with an Israeli rabbi. They delivered a new monolithic PowerShell Trojan, “AnvilEcho,” bundling their previous espionage tools into a single script. This change aims to reduce malware download size …