Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

October 2, 2024 at 04:46PM Two critical vulnerabilities, each carrying a CVSS severity score of 9.3, have been discovered in Optigo’s Spectra Aggregation Switch. On firmware version 1.3.7 and earlier they could let a remote attacker plant malicious code on these OT network management switches. No patches are available; the manufacturer has published workarounds to mitigate the vulnerabilities. The US … Read more

PKfail Secure Boot bypass remains a significant risk two months later

September 17, 2024 at 09:32AM Roughly 9% of the firmware images tested still ship with non-production (test) cryptographic keys, so Secure Boot on the affected devices can be bypassed by UEFI bootkit malware. Known as ‘PKfail’, this supply-chain weakness spans multiple computer manufacturers; Binarly has released a “PKfail scanner” that identifies vulnerable firmware submissions. Vendors are taking … Read more
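A practitioner reading this item usually wants to know how to check their own machine for a test Platform Key. The script below is an added example for this news item, not Binarly's scanner or any vendor tool: it parses the UEFI `EFI_SIGNATURE_LIST` structure that the `PK` variable is stored in, and looks for the subject-string markers the well-known AMI test certificates carry ("DO NOT TRUST", "DO NOT SHIP"). The marker list, the owner GUID and the placeholder certificate bytes are constructed for the example; a production scanner would match full certificate fingerprints instead.

```python
"""Flag a UEFI Platform Key (PK) variable that carries a known test/non-production
certificate. Added example for this news item, not Binarly's scanner.

Layout (UEFI spec, little-endian):
  EFI_SIGNATURE_LIST:
    EFI_GUID SignatureType         16 bytes
    UINT32   SignatureListSize      4 bytes  (whole list including this header)
    UINT32   SignatureHeaderSize    4 bytes
    UINT32   SignatureSize          4 bytes  (per entry: 16-byte owner GUID + data)
    UINT8    SignatureHeader[SignatureHeaderSize]
    EFI_SIGNATURE_DATA Signatures[]  (owner GUID followed by the DER certificate)
"""
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

# Subject strings the AMI test keys are known to carry. Assumption: this marker
# list is illustrative; a real scanner matches certificate fingerprints.
TEST_KEY_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner_guid, data) for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures, validating the sizes."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        entries_start = off + 28 + hdr_size
        entries_end = off + list_size
        if sig_size < 16 or (entries_end - entries_start) % sig_size:
            raise ValueError("bad SignatureSize")
        for pos in range(entries_start, entries_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        off += list_size


def find_test_keys(blob: bytes):
    """Return [(owner_guid, marker)] for X.509 entries whose DER bytes contain a
    test-key marker. CN strings are stored as ASCII in DER, so a byte search works."""
    hits = []
    for sig_type, owner, data in parse_signature_lists(blob):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        for marker in TEST_KEY_MARKERS:
            if marker in data:
                hits.append((str(owner), marker.decode()))
    return hits


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, data: bytes) -> bytes:
    """Encode a single-entry EFI_SIGNATURE_LIST (used here only to build sample input)."""
    entry = owner.bytes_le + data
    header = sig_type.bytes_le + struct.pack("<III", 28 + len(entry), 0, len(entry))
    return header + entry


def read_efivar(path: str) -> bytes:
    """Read a variable from Linux efivarfs; the first 4 bytes are the attribute
    bitmask, not part of the signature list, so strip them."""
    with open(path, "rb") as f:
        return f.read()[4:]


# Constructed sample. A real PK holds a full DER certificate; only a placeholder
# containing the AMI test key's subject string is embedded so this runs offline.
SAMPLE_OWNER = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")  # arbitrary owner GUID
SAMPLE_PK = build_signature_list(
    EFI_CERT_X509_GUID, SAMPLE_OWNER,
    b"\x30\x82\x01\x00" + b"...DO NOT TRUST - AMI Test PK...")

if __name__ == "__main__":
    # On a live Linux system: find_test_keys(read_efivar(
    #   "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"))
    print(find_test_keys(SAMPLE_PK))
```

On a real machine the PK variable is read through `read_efivar` with the path shown in the comment (root is required). A hit means the private half of your Platform Key is effectively public, and only a firmware update that replaces the PK fixes it.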

Feeld dating app’s security too open-minded as private data swings into public view

September 13, 2024 at 02:31PM Researchers uncovered numerous security vulnerabilities in the Feeld dating app, creating potential risks for users’ sensitive data. The flaws allowed unauthorized access to private messages, user profiles, and media shared in chatrooms. Despite notifications to Feeld, the fixes remain pending six months later, prompting concerns about data security and privacy. … Read more

WordPress.org to require 2FA for plugin developers by October

September 11, 2024 at 01:37PM Starting October 1st, WordPress.org requires two-factor authentication for accounts that can push updates to plugins and themes, a measure intended to reduce the risk of account takeover and supply-chain attacks. Account holders must enable 2FA themselves, and separate SVN-specific passwords have been introduced for committing code changes. Technical limitations … Read more

SAP Releases 16 New Security Notes on September 2024 Patch Day

September 10, 2024 at 10:27AM SAP released 16 new and updated security notes in September 2024. The updates addressed critical, high, and medium-severity vulnerabilities in various software applications. These include fixes for issues such as missing authorization checks, information disclosure, and cross-site scripting. SAP advises users to apply the fixes promptly and notes no exploitation … Read more

Payment gateway data breach affects 1.7 million credit card owners

September 9, 2024 at 10:39AM Payment gateway provider Slim CD has disclosed a data breach that compromised the credit card and personal data of nearly 1.7 million individuals. The attackers had access to the network for almost a year. Although the exposed data alone is not sufficient to make fraudulent transactions, a risk of credit card fraud remains. Slim CD has augmented … Read more

‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

September 4, 2024 at 04:43PM Security researchers have discovered a concerning method for attackers to distribute malicious payloads through the PyPI package repository. By re-registering a removed package with the same name, adversaries can pass off rogue packages as legitimate ones. This “Revival Hijack” method poses a clear threat, with 120,000 abandoned packages susceptible to … Read more
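The attack pattern in the item above is a name that was deleted from the index and later re-registered by a different account. As an added example, and not code from the JFrog research, the script below applies that rule to a constructed registry history and then audits a constructed `requirements.txt` for names that were revived or that are not pinned with both `==` and `--hash` (a hash pin defeats a revived package even when the name and version match, because the re-uploaded file has a different digest). Package names, owners and dates are all invented; the hash value is a placeholder.

```python
"""Detect 'revived' package names and unpinned requirements.
Added example for this news item; the registry history and requirements file
are constructed, not live PyPI data."""
from dataclasses import dataclass
from datetime import date
import re


@dataclass(frozen=True)
class Event:
    name: str
    action: str   # "register" or "delete"
    owner: str
    when: date


# Constructed history: 'fastlog' was deleted by its author and later re-registered
# by someone else (the revival pattern); 'pyutilx' was re-registered by its own author.
HISTORY = [
    Event("fastlog", "register", "alice", date(2019, 3, 1)),
    Event("fastlog", "delete", "alice", date(2022, 6, 10)),
    Event("fastlog", "register", "mallory", date(2024, 8, 30)),
    Event("pyutilx", "register", "bob", date(2020, 1, 5)),
    Event("pyutilx", "delete", "bob", date(2023, 2, 2)),
    Event("pyutilx", "register", "bob", date(2023, 2, 3)),
]

# Constructed requirements file; the sha256 value is a placeholder, not a real digest.
REQUIREMENTS = """\
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
fastlog==1.4.0   # pinned, but no hash: a revived upload of 1.4.0 would still install
pyutilx          # unpinned
"""


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'Fast_Log' and 'fast-log' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_revived(history):
    """Return {name: (deleting_owner, new_owner)} for names re-registered by a
    different account after a deletion, processing events in time order."""
    by_name = {}
    for ev in sorted(history, key=lambda e: e.when):
        by_name.setdefault(normalize(ev.name), []).append(ev)
    revived = {}
    for name, events in by_name.items():
        last_deleted_by = None
        for ev in events:
            if ev.action == "delete":
                last_deleted_by = ev.owner
            elif ev.action == "register" and last_deleted_by and ev.owner != last_deleted_by:
                revived[name] = (last_deleted_by, ev.owner)
    return revived


def join_continuations(text: str):
    """Fold backslash-continued lines (pip's --hash lines usually span several)."""
    out, buf = [], ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
        else:
            out.append(buf + line)
            buf = ""
    if buf:
        out.append(buf)
    return out


REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*([^\s;]+))?")


def audit_requirements(text: str, revived):
    """Return [(name, finding)] for revived names and for entries lacking == plus --hash."""
    findings = []
    for raw in join_continuations(text):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = REQ_LINE.match(line)
        if not m:
            continue
        name = normalize(m.group(1))
        pinned = m.group(2) is not None
        hashed = "--hash=" in line
        if name in revived:
            findings.append((name, "name was deleted and re-registered by %s" % revived[name][1]))
        if not (pinned and hashed):
            findings.append((name, "not pinned with == and --hash"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_requirements(REQUIREMENTS, find_revived(HISTORY)):
        print(f"{name}: {finding}")
```

In practice the history would come from the index's release and ownership metadata rather than a hand-built list, and the same `--hash` rule is what `pip install --require-hashes` enforces at install time.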

It’s Possible to Clone YubiKeys Thanks to a Newly Discovered Vulnerability

September 4, 2024 at 12:12PM Security researchers have discovered a vulnerability in YubiKey 5 that could allow skilled hackers to clone the device, due to a cryptographic flaw. This could impact millions of users relying on YubiKeys for secure authentication. Exploiting the vulnerability demands significant time, expertise, and costly equipment, making it a complex and … Read more

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Roblox developers are being targeted by a persistent campaign that uses fake npm packages mimicking the popular ‘noblox.js’ library to compromise their systems. The attackers use brandjacking and starjacking to give the packages a facade of legitimacy. The malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT … Read more

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs

August 27, 2024 at 10:05AM The Chinese hacking group Volt Typhoon exploited a zero-day vulnerability in Versa Director to upload a custom web shell, which it used to steal credentials and breach corporate networks. Versa has released an advisory listing the affected versions and the recommended upgrade that fixes the issue. Lumen’s Black Lotus Labs identified the exploit and … Read more