Latest Cybersecurity News and Articles


Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

29 April 2024
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

29 April 2024
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security

Know-Your-Customer Executive Order Facing Stiff Opposition From Cloud Industry

29 April 2024
A controversial executive order that would require U.S. cloud companies to closely monitor the identities of their customers will move one step closer to the finish line next week amid opposition from the industry.

LSA Whisperer: Open-source tools for interacting with authentication packages

29 April 2024
The tool allows users to directly recover multiple types of credentials from the LSASS without accessing its memory. This includes recovering Kerberos tickets, SSO cookies, DPAPI credential keys, and NTLMv1 responses.

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

29 April 2024
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian

Okta Warns of Unprecedented Scale in Credential Stuffing Attacks on Online Services

29 April 2024
The attacks recently observed by Okta route requests through anonymizing services like TOR and residential proxies such as NSOCKS, Luminati, and DataImpulse. The experts noticed that millions of requests have been routed through these services.

Most People Still Rely on Memory or Pen and Paper for Password Management

29 April 2024
A Bitwarden survey showed that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials that is publicly accessible on social media platforms (60%) and online forums (30%).

Japanese police create fake support scam payment cards to warn victims

29 April 2024
The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card," and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism.

Palo Alto Updates Remediation for Max-Critical Firewall Bug

29 April 2024
The vulnerability, tracked as CVE-2024-3400, has a CVSS score of 10 out of 10, and can allow an unauthenticated threat actor to execute arbitrary code with root privileges on the firewall device, according to the update.

US Post Office Phishing Sites Get as Much Traffic as the Real One

29 April 2024
Security researchers analyzing phishing campaigns that target the United States Postal Service (USPS) saw that traffic to the fake domains is typically similar to what the legitimate site records, and is even higher during holidays.

Analysis of Native Process CLR Hosting Used by AgentTesla

29 April 2024
The initial infection vector is a Word document that downloads and executes a 64-bit Rust-compiled binary. This binary then downloads an encoded shellcode containing the AgentTesla payload.

No more 12345: devices with weak passwords to be banned in UK

28 April 2024
Makers of phones, TVs and smart doorbells legally required to protect devices against access by cybercriminals. Tech that comes with weak passwords such as “admin” or “12345” will be banned in the UK under new laws dictating that all smart devices must meet minimum security standards. Measures to protect consumers from hacking and cyber-attacks come into effect on Monday, the Department for Science, Innovation and Technology said.

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

28 April 2024
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

27 April 2024
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with

Thousands of Qlik Sense Servers Open to Cactus Ransomware

27 April 2024
Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in Qlik Sense data analytics and BI platform, many organizations remain dangerously vulnerable to the threat.

FBI: Fraudsters Using Fake Online Dating Verification Apps to Scam Lovers

27 April 2024
The FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years.

Bogus npm Packages Used to Trick Software Developers into Installing Malware

27 April 2024
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor.

Zero-Day from 2017 Used Along With Cobalt Strike Loader in Unholy Alliance

27 April 2024
The operation involves a malicious PPSX file that drops a custom loader for the Cobalt Strike Beacon malware. The loader employs various techniques to slow down analysis and bypass security solutions.

Bogus npm Packages Used to Trick Software Developers into Installing Malware

27 April 2024
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

26 April 2024
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,