Herjan Security
[.] Nostrop stream of GenAI news and updates

#vulnerability #IBMSecurityVerify #informationdisclosure #cybersecurity #CVE-2023-33833 #CVE-2023-33834 #CVE-2023-33835

https://cybersecuritynews.com/ibm-security-verify-flaw/

DDoS attacks are malicious attempts to disrupt the regular traffic of a targeted server or network by overwhelming it with traffic. Cloudflare has seen a rise in unpredictable and complex HTTP DDoS attacks. A DDoS attack occurs when the many hosts of a botnet flood a server with simultaneous requests. DDoS protection is crucial to prevent damage to a company's brand and finances. Measures to protect against DDoS attacks include redundancy, scalability, SP-based mitigation, load balancing, firewalls, traffic analysis, and more. The best DDoS protection tools and services for 2023 are AppTrana, Cloudflare, Azure DDoS Protection, AWS Shield, SolarWinds SEM Tool, Webroot DNS Protection, Arbor Networks, Radware, VeriSign, and Akamai DDoS Protection. Cyber Security News selects tools based on their security features, real-time traffic data, and user-friendly interfaces. Hashtags: #DDoSProtection #CyberSecurity #CyberAttacks #NetworkSecurity #DDoSProtectionTools

https://cybersecuritynews.com/ddos-protection-tools/

Threat and Vulnerability Roundup:

1. Cisco FXOS SNMP Service Flaw allows remote attackers to cause a denial-of-service condition.

2. Notepad++ Flaws could be exploited by threat actors for malicious purposes.

3. VMware Aria Operations faced critical vulnerabilities that allowed authentication bypass and arbitrary write access.

4. Cisco ASA SSL VPN Appliances are targeted by hackers, exploiting weak passwords and launching ransomware attacks.

5. Citrix NetScaler systems remain unpatched, resulting in targeted attacks and malware delivery.

6. BGP Error Handling Flaw can propagate like a computer worm, posing a risk to the internet's functionality.

7. Critical Flaw in Zip Libraries makes widely used ZIP packages susceptible to compromise.

8. Splunk IT Service Intelligence Injection Flaw allows unauthenticated log injection.

9. Junos OS Flaw in BGP sessions can be exploited for DoS attacks.

10. Microsoft Edge Privilege Escalation vulnerability requires user interaction for unauthorized remote access.

11. Google Chrome Security Update includes a high-severity security patch to address vulnerabilities.

12. ArubaOS Switches face vulnerabilities including stored XSS, DoS, and memory corruption.

13. Cisco BroadWorks vulnerability allows cross-site scripting, enabling arbitrary code execution on the server.

14. VMware SAML Token Signature Bypass vulnerability allows threat actors to perform VMware Guest operations.

15. New Cyber Research focuses on uncovering malicious domains and threats in AI models.

16. Smoke Loader Malware infiltrates systems, gathering geolocation information through Wi-Fi scanning.

17. DreamBus Botnet exploits an Apache RocketMQ vulnerability to achieve remote code execution on exposed servers.

18. Hackers actively exploit ChatGPT AI models for cybercrime activities.

19. HTML Smuggling enables hackers to launch Nokoyawa ransomware.

20. Top 3 Malware Loaders of 2023 pose challenges for SOC teams.

21. Qakbot infrastructure disrupted by global effort led by the FBI.

22. Windows Container isolation framework can be exploited to bypass organization security.

23. North Korean hackers deploy malicious versions of Python Packages on PyPI.

24. Hackers embed weaponized Word files into PDFs to avoid detection.

25. Polish Railway System Signals compromised by cybercriminals for unknown reasons.

26. Threat actors abuse Google Groups to send fake order messages and steal personal information.

27. Android Trojan MMRat evades detection from traditional antivirus software.

28. DarkGate malware distributed via phishing emails and stolen email threads.

29. BadBazaar malware distributed through Google Play Store targets Uyghurs and other Turkic ethnic minorities.

30. Kinsing malware exploits Openfire vulnerability for unauthorized access.

Hashtags:

#CyberSecurity #ThreatsAndVulnerabilities #Cisco #Notepad++ #VMware #CyberAttacks #Citrix #BGP #ZIPLibraries #SplunkITSI #JunosOS #MicrosoftEdge #GoogleChrome #ArubaOSSwitches #BroadWorks #VMwareTools #MaliciousDomains #AIModels #MalwareLoaders #Qakbot #WindowsContainer #PythonPackages #PolishRailway #FakeOrders #AndroidTrojan #DarkGateMalware #BadBazaarMalware #KinsingMalware #CyberCrime

https://cybersecuritynews.com/threat-and-vulnerability-roundup-aug27/

Summary:

Exploit code has been published online for a critical-severity VMware security defect. The code allows hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. VMware has issued an advisory and urges network admins to apply patches. Hashtags: #VMware #cybersecurity #exploitcode #SSHauthentication

https://www.securityweek.com/exploit-code-published-for-critical-severity-vmware-security-defect/

SapphireStealer is a .NET malware that steals sensitive data from computers. It can obtain information like corporate credentials and is used for further attacks. The malware checks for active browser processes and steals cached browser credentials and files. Host-related information is collected and sent through SMTP. The malware creator also provides a malware downloader for spreading other malware. #cyberattack #cybersecurity #malware

https://cybersecuritynews.com/sapphirestealer-net-malware/

Summary: A North Korean hacker group has deployed malicious versions of Python packages in the PyPI repository. The packages mimic open-source Python tools and use tactics like typosquatting to trick developers into installing malware. The malware gathers machine data and communicates with a command and control server. The campaign has been linked to the Lazarus Group, confirming North Korean state sponsorship.

Hashtags: #CyberAttack #NorthKorea #PyPIRepository

https://cybersecuritynews.com/malicious-pypi-repository/

Junos OS Flaw Allows a Network-based Attacker to Launch DoS Attack. Vulnerability in Junos OS and Junos OS Evolved can be exploited by an unauthenticated, network-based attacker. Juniper Networks has released patches for this vulnerability. CVE-2023-4481: DoS in Routing Protocol Daemon. The issue affects both IPv4 and IPv6 implementations of eBGP and iBGP. Remediation involves upgrading to the latest versions of Junos OS. Workaround provided by Juniper Networks involves configuring BGP error tolerance. #DDoSattack #Junos #vulnerability

https://cybersecuritynews.com/junos-os-flaw-dos-attack/

Brazilian spyware app vendor, WebDetetive, was hacked by activists. The hackers exploited security vulnerabilities, accessed user databases, and downloaded every dashboard record. They also deleted victim devices from the spyware network. The hacked data includes customer information, device details, and the types of data collected. #activism #Brazil #hacking #spyware #vulnerabilities

https://www.schneier.com/blog/archives/2023/09/spyware-vendor-hacked.html

Summary: Over $1 million in cash and prizes will be offered at the Pwn2Own Automotive hacking contest hosted in January at the Automotive World conference in Tokyo. The contest, organized by the Zero Day Initiative (ZDI), will have four categories: Tesla, in-vehicle infotainment (IVI), electric vehicle chargers, and operating systems. Interested security researchers have until January 18 to register and submit an entry. The contest allows remote participation, and the full rules and guidelines can be found on ZDI's blog post.

Hashtags: #Pwn2Own #AutomotiveHacking #SecurityContest #ZeroDay #CarSystems #Tesla #IVI #ElectricVehicles #OperatingSystems #Tokyo2024 #Cybersecurity

https://www.securityweek.com/over-1-million-offered-at-new-pwn2own-automotive-hacking-contest/

Sourcegraph, a code search and navigation platform, disclosed a data breach after an engineer accidentally leaked an admin access token. The breach was discovered on August 30 after a surge in API usage. The leaked token had broad privileges to view and modify account information. A user with elevated privileges gained unauthorized access to the admin dashboard. The malicious user created a proxy app allowing others to call Sourcegraph's APIs and generate access tokens. It is unclear if any data was viewed or copied, but license key recipients' names and email addresses could have been accessed. Hashtags: #Sourcegraph #DataBreach #Security

https://www.securityweek.com/sourcegraph-discloses-data-breach-following-access-token-leak/

No-Code SaaS Security Breach Prevention Guide in 2023

1. SaaS security is crucial as more businesses transition to cloud-based platforms.

2. No-code SaaS security protects apps and data in SaaS environments built with no-code platforms.

3. SaaS security is important for data protection, compliance, business continuity, reputation management, and mitigating insider threats.

4. Best practices for no-code SaaS security include access control, data encryption, regular security audits, vendor risk assessment, secure APIs, disaster recovery, secure data connections, and endpoint security.

5. DoControl offers a no-code SaaS security platform with zero-trust security features.

6. No-code SaaS security faces challenges due to non-technical users and fast software deployment.

7. Specialized security strategies and regular audits are necessary to mitigate risks and protect sensitive data in no-code SaaS environments.

Hashtags:

#SaaSsecurity #NoCode #DataProtection #Compliance #Cybersecurity #EndpointSecurity #ZeroTrust

https://cybersecuritynews.com/no-code-saas-security-guide/

Hackers can abuse the Windows container isolation framework to bypass security defenses. Windows containers offer process isolation mode and Hyper-V isolation mode. Job objects group processes for unified management, and nested jobs help manage multi-process apps. Reparse points store user data, and mini-filter drivers simplify I/O filtering. The wcifs mini-filter driver separates Windows containers from the host file system. Mitigation measures include monitoring DeviceIoControl calls and validating wcifs' communication port.

#cybersecurity #hackergroup #windows

https://cybersecuritynews.com/hackers-abuse-windows-container-isolation-framework/

Summary: A used government surveillance van is for sale in Chicago. The van is equipped with numerous LCD monitors, video recorders, and audio inputs. It is priced at $26,795.

Hashtags: #surveillance #privacy #government

https://www.schneier.com/blog/archives/2023/08/own-your-own-government-surveillance-van.html

Apple is launching the 2024 iPhone Security Research Device Program (SRDP) for security researchers. The program has already resulted in the discovery of vulnerabilities and has helped implement mitigations in Apple's operating systems. The selected researchers will receive specially-built hardware variants of the iPhone 14 Pro designed for security research. Researchers reporting issues identified using the program are eligible for rewards through Apple's bug bounty program. Interested researchers have until October 31, 2023, to apply for the program. Apple will notify the selected participants by the end of the year.

#Apple #iPhone #SecurityResearchDeviceProgram #SRDP #SecurityResearch #BugBounty

https://www.securityweek.com/apple-preparing-iphone-14-pro-phones-for-2024-security-research-device-program/

Vulnerability in WordPress Migration Plugin exposes websites to attacks. Hashtags: #WordPress #cybersecurity #vulnerability

https://www.securityweek.com/vulnerability-in-wordpress-migration-plugin-exposes-websites-to-attacks/

Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities. The US Department of Energy has announced a competition to help smaller electric utilities enhance their cybersecurity. The competition, called the Advanced Cybersecurity Technology (ACT) 1 Prize Competition, is part of the Rural and Municipal Utility Cybersecurity (RMUC) Program. The competition has three phases: commitment, planning, and implementation. The deadline for the first phase is November 29, 2023. The total budget for the competition is $8.96 million in cash and technical assistance.

#EnergyDepartment #CybersecurityCompetition #SmallElectricUtilities #ACT1PrizeCompetition #RMUCProgram

https://www.securityweek.com/energy-department-offering-9m-in-cybersecurity-competition-for-small-electric-utilities/

1. Cybercriminal groups in Vietnam are increasingly targeting Facebook and Meta Business accounts, using lure themes shared through email and social media to infect victims with information-stealing malware.

2. The stolen information, such as Facebook session cookies and login credentials, allows the attackers to gain access to the targeted accounts and run fraudulent ads.

3. The attackers sell ads to other cybercriminals, enabling them to make money through extortion, defamation, and running fraudulent advertisements.

4. Two threat clusters, Ducktail and Duckport, have been identified as being involved in these attacks, with Ducktail recently expanding to target X advertising accounts.

5. The involvement of multiple groups indicates a certain level of engagement and specialization within the cybercriminal space.

6. Meta, as the second-largest advertising platform globally, attracts threat actors looking to abuse the platform for financial gain.

#Cybersecurity #MalwareAttacks #FacebookThreats #FraudulentAds #Cybercriminals #Vietnam

https://www.infosecurity-magazine.com/news/facebook-accounts-targeted-vietnam/

Cyber-criminals exploit Airbnb for fraud. Stolen data is sold on an underground marketplace. Session cookies are used to gain unauthorized access. Users must be aware of hidden risks. #Cybercrime #AirbnbSafety

https://www.infosecurity-magazine.com/news/airbnb-breeding-ground-cybercrime/

1. 49% of European firms lack a formal BYOD policy, leaving them vulnerable to security risks. #BYOD #security

2. Organizations are experiencing an increase in logins from personal devices, highlighting the need for a structured BYOD policy. #securityrisks #personaldevices

3. Key findings from a survey show that 43% of organizations are more concerned about compliance issues compared to the previous year. #compliance #cybersecurity

4. 53% of organizations are implementing cost-cutting measures in IT and security, relying on a limited number of vendors. #costcutting #ITsecurity

5. 41% of respondents express concerns about vulnerabilities in Apple operating systems and the volume of patches required. #Applevulnerabilities #patchupdates

6. Jamf suggests enrolling employees in a BYOD or MDM program and emphasizing management controls and cybersecurity practices. #BYODimplementation #securitycontrols

https://www.infosecurity-magazine.com/news/byob-survey-finds-49-eu-firms/

Splunk IT Service Intelligence has a flaw that allows attackers to inject ANSI codes. #Splunk #vulnerability #ANSICodes

https://cybersecuritynews.com/splunk-it-service-intelligence-flaw/