AttackFeed Cybersecurity News

Vulnerability disclosure policy bill for federal contractors clears Senate panel – mbracken

A bill that would require federal contractors to implement vulnerability disclosure policies that comply with National Institute of Standards and Technology guidelines cleared a key Senate panel Wednesday, setting the bipartisan legislation up for a vote before the full chamber. The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 (S. 5028) from Sens. Mark Warner, D-Va., and James...

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory – CISA

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian. The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and...

Apple Releases Security Updates for Multiple Products – CISA

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: iOS 18.1.1 and iPadOS 18.1.1; macOS Sequoia 15.1.1; iOS 17.7.2 and iPadOS 17.7.2; visionOS 2.1.1; Safari 18.1.1.

Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater” – gallagherseanm

Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threat actor commonly referred to as MuddyWater or TA450. Earlier […]

CISA Adds Two Known Exploited Vulnerabilities to Catalog – CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability; CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant...

2024 CWE Top 25 Most Dangerous Software Weaknesses – CISA

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Organizations are strongly encouraged...

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication – CISA

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. USDA turned to Fast IDentity Online (FIDO) capabilities,...

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments – The Hacker News

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims’ funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. “Criminals can now misuse Google Pay...

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity – The Hacker News

Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike’s earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use...

Enhancing Cyber Resilience in US SLED Organizations

2024 Cyber Resilience Research Unveils US SLED Sector Challenges. New data illuminates how US SLED leaders can prioritize resilience. US SLED (State, Local, and Higher Education) organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to US SLED...

NHIs Are the Future of Cybersecurity: Meet NHIDR – The Hacker News

The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take...

Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package – The Hacker News

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that...

What is 2FA? – cyberpro

Two-Factor Authentication (2FA) is a security process that adds an additional layer of protection to your accounts by requiring two different types of credentials to verify your identity before granting access. It ensures that even if one of the factors (like your password) is compromised, unauthorised access is still prevented because the attacker would need […]

Social Media Hackers: How They Operate and How to Protect Yourself – cyberpro

The Rising Threat of Social Media Hackers. Social media platforms are an integral part of daily life, but they are also prime targets for hackers. With billions of users worldwide, these platforms store personal information that is highly valuable to cybercriminals. Understanding how social media hackers operate and learning how to protect your accounts is […]

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks – The Hacker News

A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications...

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation – The Hacker News

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. “This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network...

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities – The Hacker News

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below: CVE-2024-44308: A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content; CVE-2024-44309: A cookie management vulnerability...

Fintech Giant Finastra Investigating Data Breach – BrianKrebs

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company....

Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules – Tim Starks

A top senator on Tuesday urged the Federal Communications Commission to begin writing rules that would create mandatory security standards for wiretapping systems embedded in the networks of telecommunications carriers. The suggestion to act immediately from Sen. Richard Blumenthal, D-Conn., comes in response to Chinese hackers known as Salt Typhoon, targeting the phones of both 2024 presidential campaigns...

Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security – Greg Otto

Microsoft has announced the launch of Zero Day Quest, a significant expansion of its bug bounty programs, focused on uncovering high-impact security vulnerabilities in cloud and AI technologies. Under the program, Microsoft will double the bounty rewards for eligible AI vulnerabilities from Nov. 19, 2024, to Jan. 19, 2025, and give researchers direct access to the company’s dedicated...

Bipartisan Senate bill targets supply chain threats from foreign adversaries – mbracken

An interagency federal council charged with securing the government’s IT supply chain would get stronger oversight powers under new legislation from a bipartisan pair of Senate lawmakers. The Federal Acquisition Security Council Improvement Act from Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., is aimed at better combatting security threats posed by technology products made by companies with...

Rail and pipeline representatives push to dial back TSA’s cyber mandates – Christian Vasquez

House Republicans and representatives from the rail and pipeline industries criticized what they say are overly onerous security regulations during a Tuesday hearing that could be a preview of how cyber rules are handled in the Trump administration. The House Homeland Security Subcommittee on Transportation and Maritime Security hearing focused on the business impact of Transportation Security Administration...

Looking at the Internals of the Kenwood DMX958XR IVI – Connor Ford

For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, as well as USB media playback, wireless mirroring, and more. This blog...

The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran – Graham Cluley

In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts. Graham meets an elderly grandmother who’s taking on the AI scammers, our...

Mitsubishi Electric MELSEC iQ-F Series – CISA

1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric Corporation. Equipment: MELSEC iQ-F Series. Vulnerability: Improper Validation of Specified Type of Input. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module...

Hitachi Energy MSM – CISA

1. EXECUTIVE SUMMARY: CVSS v3 8.6. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: MSM. Vulnerabilities: Missing Release of Resource after Effective Lifetime, Loop with Unreachable Exit Condition (‘Infinite Loop’). 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to impact the confidentiality, integrity or availability of the MSM. 3. TECHNICAL DETAILS 3.1...

CISA Releases One Industrial Control Systems Advisory – CISA

CISA released one Industrial Control Systems (ICS) advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-324-01: Mitsubishi Electric MELSEC iQ-F Series. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Botnet serving as ‘backbone’ of malicious proxy network taken offline – mbracken

Whether it’s for espionage purposes or financially motivated cybercrime, proxy services are a common tool in the attacker toolbox. Often used to disguise the true origin or location of malicious activity, proxies can be lucrative for malicious actors, who create them via a botnet and sell access in order for others to run their schemes, which can range...

Attackers are hijacking Jupyter notebooks to host illegal Champions League streams – Christian Vasquez

Amid threats of state-backed APTs turning the geopolitical tide by diving into sensitive networks, some hackers are looking to use misconfigured Jupyter notebook servers to watch UEFA Champions League soccer, according to a new report from Aqua Security. Researchers at the cloud security company said in a report released Tuesday that hackers were drawn to the misconfigured JupyterLab...

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts – The Hacker News

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The...

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices – The Hacker News

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. “At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices,” the...