Cybersecurity
- www.darkreading.com Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials.
- www.securityweek.com Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug
Google ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework.
- www.securityweek.com Splunk Patches High-Severity Vulnerabilities in Enterprise Product
Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.
- www.bleepingcomputer.com Latest Intel CPUs impacted by new Indirector side-channel attack
Modern Intel processors, including chips from the Raptor Lake and Alder Lake generations, are susceptible to a new type of high-precision Branch Target Injection (BTI) attack dubbed 'Indirector', which could be used to steal sensitive information from the CPU.
- www.bleepingcomputer.com Prudential Financial now says 2.5 million impacted by data breach
Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach.
- odysee.com Another Critical OpenSSH Vulnerability
In this video I discuss the regreSSHion vulnerability CVE-2024-6387, how to mitigate it, and how vulnerabilities like this can be prevented in the future. Learn more about the bug below.
- arstechnica.com 3 million iOS and macOS apps were exposed to potent supply-chain attacks
Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years.
- www.bleepingcomputer.com Cisco warns of NX-OS zero-day exploited to deploy custom malware
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.
- www.darkreading.com Google Opens $250K Bug Bounty Contest for VM Hypervisor
If security researchers can execute a guest-to-host attack using a zero-day vuln in the KVM open source hypervisor, Google will make it worth their while.
- www.bleepingcomputer.com Juniper releases out-of-cycle fix for max severity auth bypass flaw
Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.
- techcrunch.com Remote access giant TeamViewer says Russian spies hacked its corporate network
The remote access giant linked the cyberattack to government-backed hackers working for Russian intelligence, known as APT29.
Related to: https://sh.itjust.works/post/21489427
- www.theregister.com Police allege ‘evil twin’ in-flight Wi-Fi used to steal info
Fasten your seat belts, secure your tray table, and try not to give away your passwords
- regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
The following summary is from Debian's security list:
> The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
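The advisory above describes the bug class, not a fix: a SIGALRM handler that does real work (logging through syslog(), which may allocate, then exit()) can be invoked while the interrupted code is itself inside malloc()/free(), and the handler then re-enters the allocator on half-updated heap state. The added example below is not OpenSSH code and not the project's patch; it shows a deadline handler in that unsafe shape next to an async-signal-safe one that only sets a sig_atomic_t flag, and a race-free wait loop that arms the deadline with setitimer() and blocks SIGALRM around the check-then-sleep so an early alarm cannot be lost. The function names, the microsecond timer and the 50 ms stand-in for the 120 s default are all assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>
#include <unistd.h>

/* Constructed example, not OpenSSH code: two LoginGraceTime-style
 * SIGALRM handlers (one unsafe, one async-signal-safe) and a race-free
 * wait loop that arms the deadline and waits for it. */

static volatile sig_atomic_t grace_expired = 0;

/* UNSAFE: the bug class described in the advisory. syslog() may call
 * malloc()/free(); exit() runs atexit handlers and flushes stdio.
 * Neither is async-signal-safe, so if the alarm fires while the
 * interrupted code is inside the allocator, this handler re-enters it
 * on inconsistent state. Defined only for contrast; never installed. */
void grace_alarm_handler_unsafe(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "Timeout before authentication");
    exit(1);
}

/* SAFE: only touch a sig_atomic_t flag; log and clean up later in
 * normal context. Calling _exit() here would also be safe, as it is
 * on the POSIX async-signal-safe list. */
void grace_alarm_handler_safe(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Arm a SIGALRM deadline of grace_usec microseconds and wait for it the
 * way an unauthenticated session would wait for the client.
 * Returns 1 when the grace period expired, 0 when grace_usec is 0 (no
 * deadline armed, like LoginGraceTime 0), -1 on setup failure. */
int wait_for_auth_or_grace(unsigned grace_usec)
{
    struct sigaction sa;
    struct itimerval it;
    sigset_t block, old, wait_mask;

    if (grace_usec == 0)
        return 0;               /* setitimer(0) would disarm, so never sleep */

    grace_expired = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = grace_alarm_handler_safe;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;

    /* Block SIGALRM so the flag check and the sleep below cannot be
     * separated by an early alarm that would then be lost. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, &old) != 0)
        return -1;

    memset(&it, 0, sizeof it);
    it.it_value.tv_sec = grace_usec / 1000000;
    it.it_value.tv_usec = grace_usec % 1000000;
    if (setitimer(ITIMER_REAL, &it, NULL) != 0) {
        sigprocmask(SIG_SETMASK, &old, NULL);
        return -1;
    }

    /* The pre-auth protocol exchange would run here. Nothing
     * authenticates in this example, so wait until the handler fires.
     * sigsuspend() unblocks SIGALRM and sleeps atomically. */
    wait_mask = old;
    sigdelset(&wait_mask, SIGALRM);
    while (!grace_expired)
        sigsuspend(&wait_mask);

    sigprocmask(SIG_SETMASK, &old, NULL);

    /* Back in normal context: non-signal-safe calls are fine now. */
    fprintf(stderr, "grace period of %u us expired before authentication\n",
            grace_usec);
    return 1;
}

int main(void)
{
    /* 50 ms stands in for the 120 s default LoginGraceTime. */
    return wait_for_auth_or_grace(50000) == 1 ? 0 : 1;
}
```

The zero-deadline branch mirrors the stopgap the Qualys advisory offers for hosts that cannot be updated: setting LoginGraceTime to 0 in sshd_config removes the SIGALRM path and with it the code execution, at the cost of leaving sshd open to connection-slot exhaustion by clients that never authenticate. Updating sshd is the fix; the config change is only a bridge.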
- www.bleepingcomputer.com Dev rejects CVE severity, makes his GitHub repo read-only
The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their pr...
- www.bleepingcomputer.com Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
- www.bleepingcomputer.com Meet Brain Cipher — The new ransomware behind Indonesia's data center attack
The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.
- www.bleepingcomputer.com Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator
The recent large-scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile, that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion.
- www.theregister.com Google cuts ties with Entrust in Chrome over trust issues
Move comes weeks after Mozilla blasted certificate authority for failings
- www.malwarebytes.com 'Poseidon' Mac stealer distributed via Google ads
A competitor of the infamous Atomic Stealer targeting Mac users has just launched a new campaign to lure in more victims.
- stackdiary.com GitLab vulnerability permits running pipeline tasks under another user
A critical vulnerability in GitLab, CVE-2024-5655, has been disclosed, enabling attackers to run pipeline jobs under any user account. This vulnerability,
- www.securityweek.com CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities
CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.
- www.bleepingcomputer.com New Unfurling Hemlock threat actor floods systems with malware
A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.
- therecord.media TeamViewer investigating intrusion of corporate IT environment
Software company TeamViewer said it is investigating a possible intrusion of its internal corporate IT environment after discovering irregularities on Wednesday.
- thecyberexpress.com Philippines Data Security Officer Hacked 93 Different Sites
A data security officer from the Philippines admitted to hacking 93 websites, such as government and private company sites, as well as servers abroad.
- www.darkreading.com Apple AirPods Bug Allows Eavesdropping
The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.
- www.malwarebytes.com Federal Reserve "breached" data may actually belong to Evolve Bank
LockBit claimed to have breached the Federal Reserve, but in fact the data came from Evolve Bank & Trust.
- www.scmagazine.com Google TAG details nightmare whack-a-mole with Dragonbridge disinfo group
Researchers with Google’s security arm say they have been dealing with a particularly nasty Chinese disinformation group running thousands of accounts.
- www.infosecurity-magazine.com Chinese State Actors Use Ransomware to Conceal Real Intent
A new report warns that Chinese APT groups are using ransomware to conceal cyber-espionage activity
- www.darkreading.com Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content
Microsoft, OpenAI, Google, Meta genAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.
- arstechnica.com Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
A similar flaw last year left 1,800 networks breached. Will the latest one be as potent?
- www.bleepingcomputer.com Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
- www.bleepingcomputer.com Hackers target new MOVEit Transfer critical auth bypass bug
Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday.
- www.bleepingcomputer.com Snowblind malware abuses Android security feature to bypass security
A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data.
- dongleauth.com Websites that support USB Dongle Authentication (hardware security keys)
List of websites and whether or not they support One Time Passwords (OTP) or Universal 2nd Factor (U2F).
- www.securityweek.com Indonesia Says a Cyberattack Has Compromised Its Data Center but It Won’t Pay the $8 Million Ransom
Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.
- www.cisecurity.org Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the pr...
- www.bleepingcomputer.com Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.
- www.csoonline.com Ollama patches critical vulnerability in open-source AI-framework
The vulnerability could leave AI inference servers open to remote code execution that would allow them to be taken over.