Cybersecurity
- securityboulevard.com Ghostscript Vulnerabilities Patched in Recent Ubuntu Updates
Canonical has released Ubuntu security updates to address several Ghostscript vulnerabilities identified by security researchers. These vulnerabilities could potentially allow attackers to bypass security restrictions or even execute malicious code on your system. Ghostscript is a widely used tool f...
- securityaffairs.com Operation Morpheus took down 593 Cobalt Strike servers used by threat actors
An international law enforcement operation code-named Operation Morpheus led to the takedown of 593 Cobalt Strike servers used by crooks.
- www.darkreading.com Ransomware Eruption: Novel Locker Malware Flows From 'Volcano Demon'
Attackers clear logs before exploitation and use "no caller ID" numbers to negotiate ransoms, complicating detection and forensics efforts.
- www.bleepingcomputer.com OVHcloud blames record-breaking DDoS attack on MikroTik botnet
OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps).
- www.theregister.com Traeger smokes security bugs threatening grillers' hard work
Never risk it when it comes to brisket – make sure those updates are applied
- www.securityweek.com Brazil Data Regulator Bans Meta From Mining Data to Train AI Models
Brazil’s national data protection authority has determined that Meta cannot use data originating in the country to train its artificial intelligence.
- securityaffairs.com Polish government investigates Russia-linked cyberattack on state news agency
The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency.
- Authy Users' Phone Numbers Compromised via Twilio API Vulnerability
www.bleepingcomputer.com Hackers abused API to verify millions of Authy MFA phone numbers
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
- www.bleepingcomputer.com Formula 1 governing body discloses data breach after email hacks
FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.
- www.bleepingcomputer.com Patelco shuts down banking systems following ransomware attack
Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact.
- www.darkreading.com Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials.
- www.securityweek.com Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug
Google ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework.
- www.securityweek.com Splunk Patches High-Severity Vulnerabilities in Enterprise Product
Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.
- www.bleepingcomputer.com Latest Intel CPUs impacted by new Indirector side-channel attack
Modern Intel processors, including chips from the Raptor Lake and Alder Lake generations, are susceptible to a new type of high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU.
- www.bleepingcomputer.com Prudential Financial now says 2.5 million impacted by data breach
Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach.
- odysee.com Another Critical OpenSSH Vulnerability
In this video I discuss the regreSSHion vulnerability CVE-2024-6387, how to mitigate it, and how vulnerabilities like this can be prevented in the future. Learn more about the bug below.
- arstechnica.com 3 million iOS and macOS apps were exposed to potent supply-chain attacks
Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years.
- www.bleepingcomputer.com Cisco warns of NX-OS zero-day exploited to deploy custom malware
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.
- www.darkreading.com Google Opens $250K Bug Bounty Contest for VM Hypervisor
If security researchers can execute a guest-to-host attack using a zero-day vuln in the KVM open source hypervisor, Google will make it worth their while.
- www.bleepingcomputer.com Juniper releases out-of-cycle fix for max severity auth bypass flaw
Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.
- Remote access giant TeamViewer says Russian spies hacked its corporate network
techcrunch.com Remote access giant TeamViewer says Russian spies hacked its corporate network | TechCrunch
The remote access giant linked the cyberattack to government-backed hackers working for Russian intelligence, known as APT29.
Related to: https://sh.itjust.works/post/21489427
- www.theregister.com Police allege ‘evil twin’ in-flight Wi-Fi used to steal info
Fasten your seat belts, secure your tray table, and try not to give away your passwords
- regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
The following summary is from Debian's security list:
> The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
- www.bleepingcomputer.com Dev rejects CVE severity, makes his GitHub repo read-only
The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their pr...
- www.bleepingcomputer.com Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
- www.bleepingcomputer.com Meet Brain Cipher — The new ransomware behind Indonesia's data center attack
The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.
- www.bleepingcomputer.com Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator
The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion.
- www.theregister.com Google cuts ties with Entrust in Chrome over trust issues
Move comes weeks after Mozilla blasted certificate authority for failings
- 'Poseidon' Mac stealer distributed via Google ads
www.malwarebytes.com 'Poseidon' Mac stealer distributed via Google ads | Malwarebytes
A competitor of the infamous Atomic Stealer targeting Mac users has just launched a new campaign to lure in more victims.
- stackdiary.com GitLab vulnerability permits running pipeline tasks under another user
A critical vulnerability in GitLab, CVE-2024-5655, has been disclosed, enabling attackers to run pipeline jobs under any user account. This vulnerability,
- www.securityweek.com CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities
CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.
- www.bleepingcomputer.com New Unfurling Hemlock threat actor floods systems with malware
A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.
- therecord.media TeamViewer investigating intrusion of corporate IT environment
Software company TeamViewer said it is investigating a possible intrusion of its internal corporate IT environment after discovering irregularities on Wednesday.
- thecyberexpress.com Philippines Data Security Officer Hacked 93 Different Sites
A data security officer from the Philippines admitted to hacking 93 websites, such as government and private company sites, as well as servers abroad.
- www.darkreading.com Apple AirPods Bug Allows Eavesdropping
The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.
- Federal Reserve "breached" data may actually belong to Evolve Bank
www.malwarebytes.com Federal Reserve "breached" data may actually belong to Evolve Bank | Malwarebytes
LockBit claimed to have breached Federal Reserve but in fact the data came from Evolve Bank & Trust
- www.scmagazine.com Google TAG details nightmare whack-a-mole with Dragonbridge disinfo group
Researchers with Google’s security arm say they have been dealing with a particularly nasty Chinese disinformation group running thousands of accounts.
- www.infosecurity-magazine.com Chinese State Actors Use Ransomware to Conceal Real Intent
A new report warns that Chinese APT groups are using ransomware to conceal cyber-espionage activity