Malicious actors are weaponizing legitimate security testing tools by using OAST (Out-of-Band Application Security Testing) techniques within npm, PyPI, and RubyGems ecosystems. Attackers are using malicious packages in these ecosystems to exfiltrate data and establish command and control channels. This enables multi-stage attacks using seemingly legitimate infrastructure. These packages impersonate legitimate libraries to steal developer secrets.
A critical vulnerability in the UpdraftPlus WordPress plugin has exposed over 3 million websites to unauthenticated PHP object injection attacks. This vulnerability allows attackers to inject malicious code, potentially leading to complete site compromise. The issue highlights the severe risks associated with vulnerable plugins in popular CMS platforms and the importance of regular updates.
The cybersecurity industry is seeing increased discussion and research around emerging threats and techniques. This includes detection of the NonEuclid RAT malware, which enables adversaries to gain unauthorized access and remote control, and attacks involving immutable malware process binaries on Linux. Security advisories have been released by IBM, HPE, and Dell, highlighting the need for vigilance and proactive security measures. Research is also focusing on event streaming technologies such as Apache Kafka for data processing, and on visual search privacy techniques in Apple Photos. The need for strong passwords is also emphasized. These reports span several areas of cybersecurity rather than one specific vendor.
Malicious npm packages are targeting Ethereum developers, impersonating Hardhat plugins to steal private keys and other sensitive data. These packages, with names similar to legitimate Hardhat plugins, have been downloaded over 1,000 times, potentially backdooring production systems and causing financial losses. The attackers use Ethereum smart contracts to store and distribute Command & Control (C2) server addresses to compromised systems. The attack exploits the software supply chain.
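The two npm stories above (OAST-style callbacks from install-time scripts, and packages whose names imitate legitimate Hardhat plugins) share the same defensive checks: inspect a package.json for lifecycle hooks that reach the network, and compare dependency names against an allowlist to catch near-miss spellings. The following is an added example written for this digest, not code from any of the reports it summarizes; the allowlist of package names, the network-indicator patterns, and the sample manifest are all constructed for illustration.

```python
import json
import re
from difflib import SequenceMatcher

# Lifecycle hooks npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic indicators that an install hook talks to the network or
# evaluates code inline; a benign package rarely needs either at install time.
NETWORK_PATTERNS = [
    re.compile(r"\b(curl|wget)\b"),
    re.compile(r"https?://"),
    re.compile(r"\bnode\s+-e\b"),
    re.compile(r"\b(fetch|http\.request|dns\.resolve)\s*\("),
]

# Hypothetical allowlist of the genuine Hardhat packages a project depends on.
KNOWN_GOOD = [
    "hardhat",
    "@nomicfoundation/hardhat-toolbox",
    "@nomicfoundation/hardhat-ethers",
    "hardhat-gas-reporter",
]


def suspicious_hooks(manifest):
    """Return {hook: command} for install-time hooks matching a network indicator."""
    scripts = manifest.get("scripts", {})
    return {
        hook: cmd
        for hook, cmd in scripts.items()
        if hook in INSTALL_HOOKS and any(p.search(cmd) for p in NETWORK_PATTERNS)
    }


def lookalike_of(name, known=KNOWN_GOOD, threshold=0.85):
    """Return the allowlisted name that `name` closely resembles without matching
    exactly (a typosquat candidate), or None."""
    best, best_score = None, 0.0
    for good in known:
        if name == good:
            return None
        score = SequenceMatcher(None, name.lower(), good.lower()).ratio()
        if score > best_score:
            best, best_score = good, score
    return best if best_score >= threshold else None


def audit(manifest_text):
    """Audit a package.json document and return a list of human-readable findings."""
    manifest = json.loads(manifest_text)
    findings = []
    for hook, cmd in suspicious_hooks(manifest).items():
        findings.append(f"install hook '{hook}' is network-active: {cmd}")
    deps = list(manifest.get("dependencies", {})) + list(manifest.get("devDependencies", {}))
    for dep in deps:
        target = lookalike_of(dep)
        if target is not None:
            findings.append(f"dependency '{dep}' resembles '{target}' (possible typosquat)")
    return findings


# Constructed package.json: a beaconing postinstall hook and one misspelled dependency.
SAMPLE_MANIFEST = json.dumps({
    "name": "example-project",
    "scripts": {
        "build": "hardhat compile",
        "postinstall": "node -e \"require('https').get('https://callback.example.invalid/')\"",
    },
    "dependencies": {"hardhat": "^2.22.0"},
    "devDependencies": {
        "@nomicfoundation/hardhat-toolbox": "^5.0.0",
        "hardhat-gas-reportr": "1.0.0",
    },
})

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST):
        print(finding)
```

The similarity threshold is deliberately high so that genuinely different packages are not reported; in a real pipeline the allowlist would be the project's lockfile as reviewed by a maintainer, and any hit on an install hook would block the build rather than just print.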
A high-severity vulnerability has been discovered in ProjectDiscovery’s Nuclei, an open-source vulnerability scanner. This flaw, tracked as CVE-2024-43405, could allow attackers to bypass signature checks and potentially execute malicious code. The vulnerability carries a CVSS score of 7.4. It is crucial for users to update to a patched version to mitigate this risk. The vulnerability highlights the need for robust security practices in open-source security tools.
Tenable has disabled two Nessus scanner agent versions (10.8.0 and 10.8.1) after discovering a critical issue where a faulty differential plugin update was causing agents to go offline. This issue impacts the Nessus agents' ability to scan for vulnerabilities and collect security data. Tenable has released version 10.8.2 to fix this problem and has provided instructions on how to bring the affected agents back online. This is a critical update for all users of the Tenable Nessus Agent.
Several news outlets report on the growing interest in quantum computing and its potential to revolutionize various fields. Research is exploring how quantum computing can redefine randomness and advance machine learning capabilities by utilizing concepts like Quantum Support Vector Machines (QSVM). Additionally, research is focusing on developing quantum-resistant encryption methods to safeguard internet security from future quantum attacks. The advancements highlight quantum computing as a pivotal technology for the future.
Chinese state-sponsored threat actors compromised the US Treasury Department by exploiting a vulnerability in a third-party software provider, BeyondTrust. The attackers accessed employee workstations and exfiltrated unclassified documents. This incident highlights the risk associated with third-party dependencies and supply chain attacks. The attackers gained remote access, raising concerns about the security posture of government agencies. The affected systems were not immediately identified but were confirmed to be workstations.
A 20-year-old U.S. Army soldier, identified as Kiberphant0m, has been arrested for allegedly stealing and selling sensitive customer call records from AT&T and Verizon. The suspect, a communications specialist previously stationed in South Korea, is accused of extorting the telecommunication companies and leaking customer data. This incident highlights the risk of insider threats and the potential damage caused by unauthorized access to sensitive customer information.
The soldier allegedly used his position and access to systems to exfiltrate the data. The arrest comes after a thorough investigation. It raises concerns about the security protocols used by telecommunication companies to protect customer data from insider threats, and underscores the need for strict access controls and continuous monitoring to prevent such incidents in the future.
A significant data leak exposed the location data of approximately 800,000 Volkswagen electric vehicles (EVs), encompassing models from VW, Audi, Seat, and Skoda. The leak, caused by a cloud misconfiguration, revealed real-time GPS locations of the vehicles, along with other sensitive data. This incident raises serious privacy concerns, particularly as the exposed data could be linked to vehicle owners, including sensitive individuals.
The data leak allowed unauthorized access to vehicle locations, potentially enabling surveillance and tracking of individuals. The incident highlights the critical importance of robust cloud security practices and the need for stringent data protection measures by automotive manufacturers and their software subsidiaries. The incident was brought to light by a whistleblower and security researchers.
A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing for remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruptions. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.
Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.
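While firmware is being updated, a defender can at least watch for the abuse pattern the advisory describes: requests to /apply.cgi whose adj_time_year parameter carries anything other than a plain year. The following detection is an added example written for this digest, not code from the advisory or from Four-Faith; the proxy log format ("<timestamp> <src_ip> <method> <path> <urlencoded body>") and the sample lines are hypothetical, constructed so the script runs offline.

```python
import re
from urllib.parse import parse_qs, urlparse

TARGET_PATH = "/apply.cgi"
TARGET_PARAM = "adj_time_year"
# A legitimate year is a four-digit number; any other value for this
# parameter is not normal use of the endpoint and deserves an alert.
YEAR_RE = re.compile(r"^\d{4}$")


def check_request(path, form_body):
    """Return a finding string when a request to /apply.cgi carries a
    non-numeric adj_time_year value, otherwise None."""
    url = urlparse(path)
    if url.path != TARGET_PATH:
        return None
    # Collect the parameter from both the query string and the form body.
    params = parse_qs(url.query, keep_blank_values=True)
    if form_body and form_body != "-":
        for key, values in parse_qs(form_body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    for value in params.get(TARGET_PARAM, []):
        if not YEAR_RE.match(value):
            return f"{TARGET_PARAM} is not a plain year: {value!r}"
    return None


def scan_log(lines):
    """Scan hypothetical proxy log lines and return (source_ip, finding)
    tuples for requests that match the detection."""
    hits = []
    for line in lines:
        parts = line.split(None, 4)
        if len(parts) < 4:
            continue
        _ts, src_ip, _method, path = parts[:4]
        body = parts[4] if len(parts) == 5 else "-"
        finding = check_request(path, body)
        if finding:
            hits.append((src_ip, finding))
    return hits


# Constructed log lines in the hypothetical "<timestamp> <src_ip> <method> <path> <body>" format.
SAMPLE_LOG = [
    "2025-01-03T10:00:01Z 203.0.113.7 POST /apply.cgi adj_time_year=2025&adj_time_month=01",
    "2025-01-03T10:00:02Z 203.0.113.8 GET /index.html -",
    "2025-01-03T10:00:05Z 203.0.113.9 POST /apply.cgi adj_time_year=2025%3Bcheck&adj_time_month=01",
]

if __name__ == "__main__":
    for src, finding in scan_log(SAMPLE_LOG):
        print(f"{src}: {finding}")
```

The check is an allowlist on the parameter's expected shape rather than a blocklist of specific payload characters, so it does not need updating as attacker encodings change; the same idea (validate each field against what it should look like) is the fix the device firmware needs as well.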
Apache has released security updates to address multiple critical vulnerabilities, including a SQL Injection flaw, affecting MINA, HugeGraph-Server, and Traffic Control products. These vulnerabilities, if exploited, could allow attackers to compromise systems, highlighting the importance of immediate patching. Organizations using these Apache products should prioritize updating them to the latest versions to mitigate the risk of exploitation.
Microsoft has issued an urgent warning to .NET developers, urging them to update their app and pipeline configurations to avoid using the ‘azureedge.net’ domain for installing .NET components. The domain will soon become unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. This change will affect the delivery of .NET installers and archives and requires developers to update their dependencies promptly to prevent application failures. This issue highlights the fragility of relying on third-party services for critical application dependencies.
LineageOS 22.1, based on Android 15 QPR1, has been released, marking a significant milestone in the custom Android ROM world. This release incorporates features like Twelve, a new music app, and Camelot, a PDF viewer. The project highlights how quickly it rebased onto the Android 15 code base. This release highlights the innovation and community contributions in the custom ROM space, and the importance of keeping up to date with Android.
DEF CON 32 is focused on offensive security testing and safeguarding the final frontier. The conference features presentations on using AI computer vision in OSINT data analysis, reflecting the growing importance of these techniques in cybersecurity. The content originates from the conference’s events and is shared via various platforms, highlighting the significance of community-driven security research.
Rhode Island’s health benefits system was breached, leading to a data leak on the dark web, compromising residents’ personal data. The compromised data included sensitive information from the state’s health benefits system. This incident demonstrates the ongoing threats to government infrastructure and highlights the importance of robust security measures. The breach underscores the necessity for continuous monitoring and improvements in state-level cybersecurity protocols.
Multiple reports highlight the growing threat of supply chain attacks using large language models (LLMs). Attackers are increasingly using stolen credentials to jailbreak existing LLMs for spear phishing and social engineering campaigns. This evolution poses significant risks to organizations relying on software and services provided via supply chains, and new security measures are needed to mitigate these threats.
Microsoft has issued a warning about a bug affecting Windows 11, version 24H2, when installed via media containing the October or November 2024 security updates. This issue causes the operating system to become unable to receive further security updates. The bug does not impact devices updated through Windows Update or the Microsoft Update Catalog. Users are advised to avoid using affected installation media.