Wed.Jul 10, 2024

article thumbnail

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions , a sprawling hosting provider that is a persistent source of cyberat

Phishing 294
article thumbnail

RADIUS Vulnerability

Schneier on Security

New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cisco Talos: Top Ransomware TTPs Exposed

Tech Republic Security

Read about the new Cisco Talos report on the top ransomware groups’ techniques and learn how to mitigate this cybersecurity risk. Cisco Talos observed the TTPs used by 14 of the most prevalent ransomware groups based on their volume of attack, impact to customers and atypical behavior.

article thumbnail

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

The Hacker News

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.

Backups 143
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

AWS Summit New York 2024: Guardrails for Amazon Bedrock Gains Claude 3 Haiku and Contextual Grounding

Tech Republic Security

Responsible AI Lead Diya Wynn spoke to TechRepublic about AI hallucinations and upskilling. Plus, Anthropic Claude 3 comes to Bedrock.

article thumbnail

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

The Hacker News

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales.

DDOS 143

More Trending

article thumbnail

The $11 Billion Marketplace Enabling the Crypto Scam Economy

WIRED Threat Level

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.

Scams 143
article thumbnail

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability CVE-2024-38080 Microsoft Windows Hyper-V Privilege Esc

article thumbnail

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

The Hacker News

GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.

Software 136
article thumbnail

A new flaw in OpenSSH can lead to remote code execution

Security Affairs

A vulnerability affects some versions of the OpenSSH secure networking suite, it can potentially lead to remote code execution. The vulnerability CVE-2024-6409 (CVSS score: 7.0) impacts select versions of the OpenSSH secure networking suite, it can be exploited to achieve remote code execution (RCE). The issue is a possible race condition in cleanup_exit() in openssh’s privsep child that impacts openssh versions 8.7p1 and 8.8p1.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Crypto Analysts Expose HuiOne Guarantee's $11 Billion Cybercrime Transactions

The Hacker News

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News.

article thumbnail

VMware fixed critical SQL-Injection in Aria Automation product

Security Affairs

VMware addressed a critical SQL-Injection vulnerability, tracked as CVE-2024-22280, impacting Aria Automation. Virtualization giant VMware addressed a high-severity SQL-injection vulnerability, tracked as CVE-2024-22280 (CVSSv3 base score of 8.5), in its Aria Automation solution. VMware Aria Automation (formerly vRealize Automation ) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications.

article thumbnail

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

The Hacker News

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity.

135
135
article thumbnail

Citrix fixed critical and high-severity bugs in NetScaler product

Security Affairs

IT giant Citrix addressed multiple vulnerabilities, including critical and high-severity issues in its NetScaler product. Citrix released security updates to address critical and high-severity issues in its NetScaler product. The most severe issue is an improper authorization flaw, tracked as CVE-2024-6235 (CVSS score of 9.4). An attacker with access to the NetScaler Console IP can exploit the vulnerability to access sensitive information.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

The Hacker News

Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishing-resistant alternative to passwords.

Risk 131
article thumbnail

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days. Microsoft Patch Tuesday security updates for July 2024 addressed 139 vulnerabilities in Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Defender for IoT; SQL Server; Windows Hyper-V; Bitlocker and Secure(?

IoT 136
article thumbnail

Peloton accused of providing customer chat data to train AI

Malwarebytes

It seems that Peloton may have been providing more training than just for its customers, as it’s set to face court in California accused of using user chat data to train AI. Peloton Interactive, Inc. is a US-based exercise equipment and media company, known for its stationary bicycles, treadmills, and indoor rowers equipped with internet-connected touch screens that stream live and on-demand fitness classes through a subscription service.

Marketing 130
article thumbnail

Deepfake Threats and Biometric Security Vulnerabilities

Security Boulevard

Grasping how biometric attacks work is crucial for organizations to make informed decisions based on actual threat intelligence. The post Deepfake Threats and Biometric Security Vulnerabilities appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Smash-and-Grab Extortion

The Hacker News

The Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days. More mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities.

126
126
article thumbnail

Microsoft fixes Windows 11 bug causing reboot loops, taskbar freezes

Bleeping Computer

Microsoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update. [.

125
125
article thumbnail

‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans

Security Boulevard

MD5 MITM Muddle: Ancient, widely used protocol has CVSS 9.0 vulnerability. The post ‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans appeared first on Security Boulevard.

article thumbnail

Windows MSHTML zero-day used in malware attacks for over a year

Bleeping Computer

Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. [.

Malware 119
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Google and Apple Move to Strengthen User Protections

Security Boulevard

Google and Apple look to give users better protections against social engineering attacks like phishing, with Google giving high-risk users access to the APP service with a passkey and Apple educating users about the threats with a detailed support document in the wake of a recent smishing campaign. The post Google and Apple Move to Strengthen User Protections appeared first on Security Boulevard.

article thumbnail

Google Is Adding Passkey Support for Its Most Vulnerable Users

WIRED Threat Level

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.

Passwords 119
article thumbnail

3 Ways to Achieve Zero-Trust With Your PAM Strategy

Security Boulevard

Three crucial ways to achieve zero-trust through your PAM strategy, ensuring that every privileged user session within your IT environment is safe by design. The post 3 Ways to Achieve Zero-Trust With Your PAM Strategy appeared first on Security Boulevard.

article thumbnail

True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

The Hacker News

It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack.

CISO 119
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Beyond Checklists: The Rise of Automated Vendor Assessment and Enhanced Security

Security Boulevard

As cyberthreats continue to increase, automation and proactive measures will be essential for mitigating the risks associated with third-party relationships and safeguarding valuable data and infrastructure. The post Beyond Checklists: The Rise of Automated Vendor Assessment and Enhanced Security appeared first on Security Boulevard.

Risk 120
article thumbnail

Microsoft 365, Office users hit by wave of ‘30088-27’ update errors

Bleeping Computer

Over the last month, Microsoft 365 and Microsoft Office users have been experiencing "30088-27" errors when attempting to update the application.

111
111
article thumbnail

Why the Ticketmaster Breach is More Dangerous Than You Think

Security Boulevard

Learn how the Ticketmaster breach introduces corporate vulnerabilities plus steps to detect company credential usage and safeguard your organization's systems. The post Why the Ticketmaster Breach is More Dangerous Than You Think appeared first on Security Boulevard.

114
114
article thumbnail

Quantifying the Probability of Flaws in Open Source

Veracode Security

Jay Jacobs and I recently delivered an RSA presentation called Quantifying the Probability of Flaws in Open Source. Since many people didn’t get a chance to see it, I thought I’d summarize some of the findings here for posterity. The question we investigated was simple, at least conceptually: what are the red flags of an open-source repository? Are there characteristics of a given open source library that would reliably indicate it was safer than others?

Software 105
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.