] The Mad Hacker [

Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000

Handling Cookies is a Minefield

(Sunday November 24, 2024)
Discrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

(Saturday November 23, 2024)
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said.

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

(Saturday November 23, 2024)
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access

(Friday November 22, 2024)
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. The investigation began when an alert from a custom detection signature Volexity had deployed at a customer site (“Organization A”) indicated a threat actor had compromised a server on the customer’s network. While Volexity quickly investigated the threat activity, more questions were raised than answers due to a very motivated and skilled advanced persistent threat (APT) actor, who was using a novel attack vector Volexity had not previously encountered.

Navigating the Leap: My Journey from Software Engineering to Offensive Security

(Friday November 22, 2024)
A software engineer's journey into offensive security, sharing insights and tips for transitioning careers and thriving in the infosec field.

Prototype Pollution in NASA's Open MCT CVE-2023-45282

(Friday November 22, 2024)
The Prototype Pollution vulnerability is specific to the JavaScript programming language. It enables an attacker to add or alter any properties of global object prototypes. Once the property is changed, the code that inherits it will use the injected property instead of the original one. This can be a very dangerous vulnerability that could (at best) cause a change in the client side of the application business logic or (at worst) a Remote Code Execution (RCE) on the server...

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

(Friday November 22, 2024)
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

(Friday November 22, 2024)
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

(Friday November 22, 2024)
A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. "The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a

CUPS IPP Attributes LAN Remote Code Execution

(Friday November 22, 2024)
This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1...

ProjectSend R1605 Unauthenticated Remote Code Execution

(Friday November 22, 2024)
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.

needrestart Local Privilege Escalation

(Friday November 22, 2024)
Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user.

fronsetia 1.1 Cross Site Scripting

(Friday November 22, 2024)
fronsetia version 1.1 suffers from a cross site scripting vulnerability.

fronsetia 1.1 XML Injection

(Friday November 22, 2024)
fronsetia version 1.1 suffers from an XML external entity injection vulnerability.

PowerVR psProcessHandleBase Reuse

(Friday November 22, 2024)
PowerVR has an issue where PVRSRVAcquireProcessHandleBase() can cause psProcessHandleBase reuse when PIDs are reused.

Linux 6.6 Race Condition

(Friday November 22, 2024)
A security-relevant race between mremap() and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the bug in multiple processes can probably lead to unintended page table sharing, which probably can lead to stale TLB entries pointing to freed pages.

Korenix JetPort 5601 1.2 Path Traversal

(Friday November 22, 2024)
Korenix JetPort 5601 version 1.2 suffers from a path traversal vulnerability.

SEH utnserver Pro 20.1.22 Cross Site Scripting

(Friday November 22, 2024)
SEH utnserver Pro version 20.1.22 suffers from multiple persistent cross site scripting vulnerabilities.

Faraday 5.9.0

(Friday November 22, 2024)
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Ubuntu Security Notice USN-7015-6

(Friday November 22, 2024)
Ubuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered...

Ubuntu Security Notice USN-7120-3

(Friday November 22, 2024)
Ubuntu Security Notice 7120-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Debian Security Advisory 5812-2

(Friday November 22, 2024)
Debian Linux Security Advisory 5812-2 - The postgresql minor release shipped in DSA 5812 introduced an ABI break, which has been reverted so that extensions do not need to be rebuilt.

Proxmark3 4.19552 Custom Firmware

(Friday November 22, 2024)
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed "Orca".

Apple Web Content Filter Bypass

(Friday November 22, 2024)
Nosebeard Labs has identified a critical vulnerability in the Apple system wide web content filter that allows a full bypass of content restrictions. This vulnerability, which occurs specifically when Screen Time content filtering settings are enabled, permits users or attackers to access restricted websites in Safari without detection. The timeline in this advisory is probably the most interesting thing to note. It shows a Fortune 10 ignoring a concern for years until a news article gets written, and that is truly disappointing. Do better Tim.

Red Hat Security Advisory 2024-9806-03

(Friday November 22, 2024)
Red Hat Security Advisory 2024-9806-03 - Red Hat build of Apache Camel 4.4.4 for Spring Boot release and security update is now available. Issues addressed include a code execution vulnerability.

Apple Security Advisory 11-19-2024-5

(Friday November 22, 2024)
Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.

Red Hat Security Advisory 2024-9738-03

(Friday November 22, 2024)
Red Hat Security Advisory 2024-9738-03 - An update for squid is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9729-03

(Friday November 22, 2024)
Red Hat Security Advisory 2024-9729-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9690-03

(Friday November 22, 2024)
Red Hat Security Advisory 2024-9690-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Apple Security Advisory 11-19-2024-4

(Friday November 22, 2024)
Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 addresses code execution vulnerabilities.

Red Hat Security Advisory 2024-9689-03

(Friday November 22, 2024)
Red Hat Security Advisory 2024-9689-03 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-9679-03

(Friday November 22, 2024)
Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9678-03

(Friday November 22, 2024)
Red Hat Security Advisory 2024-9678-03 - An update for squid is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a denial of service vulnerability.

Apple Security Advisory 11-19-2024-3

(Friday November 22, 2024)
Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 addresses code execution vulnerabilities.

Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

(Friday November 22, 2024)
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that’s both scalable and adaptable. As companies shift from traditional,

Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

(Friday November 22, 2024)
Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

(Friday November 22, 2024)
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting

Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x

(Friday November 22, 2024)
Local file disclosure in Sitecore 8.x to 10.x that can lead to RCE (CVE-2024-46938) due to an order of operations bug within a handler responsible for reading local files.

Feds Charge Five Men in ‘Scattered Spider’ Roundup

(Thursday November 21, 2024)
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

A simple text message is allowing scammers to take control of social media accounts

(Thursday November 21, 2024)
Louise Manning thought she knew how to handle the risks of online scammers — but it took one simple question from someone she thought was her friend to be duped.

Stop Using Predictable Bucket Names: A Failed Attempt at Hacking Satellites

(Thursday November 21, 2024)
This blog discusses the security risks of S3 bucket namesquatting in AWS, where attackers could potentially exploit predictable bucket naming patterns that include region names, and documents the author's research finding buckets pre-created for non-existent regions (up to "us-east-15") while searching for potential vulnerabilities in AWS service-managed buckets.

750,000 patients’ medical records exposed after data breach at French hospital

(Thursday November 21, 2024)
A hacker calling themselves "nears" claims to have compromised the systems of multiple healthcare facilities across France, claiming to have gained access to the records of over 1.5 million people. Read more in my article on the Tripwire State of Security blog.

Azure Detection Engineering: Log idiosyncrasies you should know about

(Thursday November 21, 2024)
We share a few inconsistencies found in Azure logs which make detection engineering more challenging.

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

(Thursday November 21, 2024)
As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

(Thursday November 21, 2024)
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.

10 Most Impactful PAM Use Cases for Enhancing Organizational Security

(Thursday November 21, 2024)
Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team. As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

(Thursday November 21, 2024)
Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and

Cyber Story Time: The Boy Who Cried "Secure!"

(Thursday November 21, 2024)
As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question. In this article, we’ll cover some common use cases and misconceptions of how people misuse

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

(Thursday November 21, 2024)
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America,

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

(Thursday November 21, 2024)
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been

Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching

(Thursday November 21, 2024)
_Really_ fast. Fast to the extent that sometimes, it was even _too_ fast: "The response from each search was coming back so quickly that the user wasn’t sure

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

(Thursday November 21, 2024)
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

(Thursday November 21, 2024)
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher

Smashing Security podcast #394: Digital arrest scams and stream-jacking

(Thursday November 21, 2024)
In our latest episode we discuss how a woman hid under the bed after scammers told her she was under "digital arrest", how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.

Spelunking in Comments and Documentation for Security Footguns - Include Security Research Blog

(Wednesday November 20, 2024)
Alex Leahu, November 20, 2024. When we perform security assessments at Include Security, we like to have a holistic view of the application and attack from multiple angles. For me, this means going deeper than just looking at client code and also exploring third-party libraries and frameworks used by the application. Doing a full security assessment of every third-party component is not feasible during an engagement, but documentation and comments for these projects have given me a lot of...

Azure CloudQuarry: Searching for secrets in Public VM Images

(Wednesday November 20, 2024)
After the initial investigation entitled "AWS CloudQuarry: Digging for secrets in Public AMIs" was finalized, we continued with the same idea on Azure in order to search for hidden and forgotten secrets in Azure VM Images. I will try to keep this article short and present how we managed to collect approximately 120GB of data…

Wormable XSS www.bing.com

(Wednesday November 20, 2024)
My primary objective was to identify an XSS vulnerability within a Microsoft web product that could potentially be leveraged to exploit other Microsoft applications by sending requests from the…

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

(Wednesday November 20, 2024)
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. "Criminals can now misuse Google Pay and Apple

Agentic AI – A Game Changer for IT

(Wednesday November 20, 2024)
With the advent of agentic AI, assistance is moving to automation where systems act with agency to achieve specific goals. Agentic AI systems can make rapid decisions, manage complex tasks, and adapt to changing conditions.

NHIs Are the Future of Cybersecurity: Meet NHIDR

(Wednesday November 20, 2024)
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take

[PoC] Critical Authentication Vulnerability in SAP BusinessObjects Business Intelligence Platform

(Wednesday November 20, 2024)
On August 13, 2024, SAP released a crucial security update to address a severe authentication vulnerability identified in the SAP BusinessObjects Business Intelligence

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

(Wednesday November 20, 2024)
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

(Wednesday November 20, 2024)
Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike's earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

(Wednesday November 20, 2024)
A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

(Wednesday November 20, 2024)
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 (CVSS score: 8.8) - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content CVE-2024-44309 (CVSS score: 6.1

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

(Wednesday November 20, 2024)
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network

Fintech Giant Finastra Investigating Data Breach

(Wednesday November 20, 2024)
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. 

Remediation for CVE-2024-20767 and CVE-2024-21216 Potential Exploitable Bugs

(Tuesday November 19, 2024)
Detailed remediation for two CVEs - ColdFusion path traversal & Weblogic Unauthenticated RCE.

Imperva and the Secure by Design Pledge: A Commitment to Cybersecurity Excellence

(Tuesday November 19, 2024)
The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a voluntary “Secure by Design Pledge” for enterprise software manufacturers, focusing on improving the security of their products and services. This pledge outlines seven key principles, forming the core of a robust secure-by-design ethos. Let’s explore these principles and how Imperva aligns with them. Seven Key […]

Extracting Plaintext Credentials from Palo Alto Global Protect

(Tuesday November 19, 2024)
Posted on 2024-11-19 by Ian. Estimated reading time: 5 minutes. On a recent Red Team engagement, I was poking around having a look at different files and trying to see if I could extract any information that would allow me to move laterally through the network. I was hopeful, as always, that I would land on _domain_admin_passwords_2024.xlsx_ or something (don’t laugh – we’ve all found _that_ file at least once!). Unfortunately, this time, that file wasn’t present on the...

The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran

(Tuesday November 19, 2024)
In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts. Graham meets an elderly grandmother who's taking on the AI scammers, our hosts learn why Google is listening to phone calls, and Mark looks at how OpenAI and Anthropic are preparing to prevent “large scale devastation” by their own AIs. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark...

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

(Tuesday November 19, 2024)
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

(Tuesday November 19, 2024)
Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The

AI innovations for a more secure future unveiled at Microsoft Ignite

(Tuesday November 19, 2024)
Company delivers advances in AI and posture management, unprecedented bug bounty program, and updates on its Secure Future Initiative.

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

(Tuesday November 19, 2024)
Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To

Malware delivered via malicious QR codes sent in the post

(Tuesday November 19, 2024)
Cybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes. Read more in my article on the Hot for Security blog.

Extending Burp Suite for fun and profit - The Montoya way - Part 7 (Using the Collaborator)

(Tuesday November 19, 2024)

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

(Tuesday November 19, 2024)
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 - watchTowr Labs

(Tuesday November 19, 2024)
Now the floodgates are open, and there is all sorts of post-authentication PHP functionality now within our grasp. Typically from this point, it’s down to our creativity to find the next step to RCE. Let’s take a look at what the threat actors found by continuing our diff. One file that stood out to us like a sore thumb was the change in /var/appweb/htdocs/php-packages/panui_core/src/log/AuditLog.php, which reveals a quite honest command...

Securing AI and Cloud with the Zero Day Quest

(Tuesday November 19, 2024)
Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and mitigate potential issues before our customers are impacted.