zCat
npub1zm7j...pnd6
zCat - Android App about Zcash, privacy and cybersecurity news aggregator
zCat 1 year ago
IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR

IBM on Monday announced patches for multiple vulnerabilities across its products, including two high-severity remote code execution (RCE) issues in Data Virtualization Manager and Security SOAR. Tracked as CVE-2024-52899 (CVSS score of 8.5), the flaw in Data Virtualization Manager for z/OS could allow a remote, authenticated attacker to inject malicious JDBC URL parameters, which could lead to arbitrary code execution on the server. IBM has released fix packs for Data Virtualization Manager for z/OS versions 1.1 and 1.2, and has included instructions on how to download them in its advisory.

See more: #cybersecurity #ibm #rce
zCat 1 year ago
VMware Patches High-Severity Vulnerabilities in Aria Operations

Virtualization software vendor VMware on Tuesday released a high-severity bulletin with patches for at least five security defects in its Aria Operations product. The company documented five distinct vulnerabilities in the cloud IT operations platform and warned that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.

See more: #cybersecurity #vmware
zCat 1 year ago
Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites

Two critical vulnerabilities in CleanTalk’s anti-spam plugin for WordPress could allow attackers to execute arbitrary code remotely, without authentication, Defiant warns. The issues, tracked as CVE-2024-10542 and CVE-2024-10781 (CVSS score of 9.8), affect the ‘Spam protection, Anti-Spam, FireWall by CleanTalk’ plugin, which has more than 200,000 active installations. Both flaws could allow remote, unauthenticated attackers to install and activate arbitrary plugins, including vulnerable plugins that could be exploited for remote code execution (RCE).

See more: Security Week: The Hacker News: #cybersecurity #wordpress #rce
zCat 1 year ago
Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack

A ransomware attack on supply chain management software provider Blue Yonder has caused significant disruptions for some of the company’s customers, including several major firms. Arizona-based Blue Yonder revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack. The company immediately launched an investigation and started working on restoring impacted services. In the latest update shared on its website on November 24, Blue Yonder said it had been making steady progress, but did not have a timeline for fully restoring services. Blue Yonder said it hired a cybersecurity firm to assist its investigation and restoration efforts, but did not share any other information on the attack itself.

See more: #cybersecurity #ransomware
zCat 1 year ago
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023. "Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication," Array Networks said. "The product can be exploited through a vulnerable URL."

See more: #cybersecurity #arraynetworks
zCat 1 year ago
Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks

Zyxel has issued a fresh warning on threat actors exploiting a recently patched command injection vulnerability in its firewalls after security firms have observed a ransomware group targeting the flaw for initial compromise. The bug, tracked as CVE-2024-42057, could allow remote attackers to execute OS commands on vulnerable devices, without authentication. Zyxel announced patches for this flaw and six other security defects on September 3, explaining that only devices configured in User-Based-PSK authentication mode on which a valid user with a long username exceeding 28 characters exists are affected. Zyxel addressed these vulnerabilities with the release of firmware version 5.39 for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series devices.

See more: #cybersecurity #ransomware #zyxel
zCat 1 year ago
QNAP addresses critical flaws across NAS, router software

QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible.

See more: #cybersecurity
zCat 1 year ago
npm Package Lottie-Player Compromised in Supply Chain Attack

A targeted supply chain attack involving the widely used npm package @lottiefiles/lottie-player has been uncovered, highlighting vulnerabilities in software dependencies. The @lottiefiles/lottie-player package was downloaded approximately 84,000 times weekly and is used to embed and play Lottie animations on websites. The malicious updates contained altered code that introduced pop-ups prompting users to connect their web3 wallets.

See more: #cybersecurity #malware #cryptocurrency
zCat 1 year ago
Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking

The myPRO product of Czech industrial automation company mySCADA is affected by several critical vulnerabilities, including ones that can allow a remote, unauthenticated attacker to take complete control of the targeted system. myPRO is a human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system designed for visualizing and controlling industrial processes. The product can run on Windows, macOS and Linux, including servers, PCs and embedded devices.

See more: #cybersecurity
zCat 1 year ago
PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date. Putting the Python library in quarantine prevents further installation by clients and prevents it from being modified by its maintainers. Cybersecurity outfit Phylum, which shared details of the software supply chain attack last week, said the author of the package published the malicious update to PyPI, while keeping the library's GitHub repository clean in an attempt to evade detection.

See more: #cybersecurity #supplychainattack #crypto
zCat 1 year ago
MITRE shares 2024's top 25 most dangerous software weaknesses

The MITRE Corporation has updated its Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list, which reflects the latest trends in the cyber threat landscape. The list provides information on the most common and impactful weaknesses that threat actors exploit in attacks to take over systems, steal sensitive information, and cause disruptions. Cross-site scripting (XSS) vulnerabilities are at the top of this year’s CWE Top 25 list, up from the second position last year, with out-of-bounds write flaws dropping to second place. While SQL injection bugs have remained in third position, cross-site request forgery (CSRF), path traversal, and out-of-bounds read defects went up by five, three, and one place, respectively, displacing OS command injection and use-after-free issues.

See more: #cybersecurity
zCat 1 year ago
Hackers abuse Avast anti-rootkit driver to disable defenses

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. The malware that drops the driver is a variant of an AV Killer of no particular family. It comes with a hardcoded list of 142 names for security processes from various vendors. Since the driver can operate at kernel level, it provides access to critical parts of the operating system and allows the malware to terminate processes. Security researchers at cybersecurity company Trellix recently discovered a new attack that leverages the bring-your-own-vulnerable-driver (BYOVD) approach with an old version of the anti-rootkit driver to stop security products on a targeted system.

See more: Bleeping Computer: The Hacker News: #cybersecurity #malware #avast
zCat 1 year ago
PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting 1,748 and 1,826 downloads, respectively. Both libraries are no longer available for download from PyPI.

See more: #cybersecurity #malware #jakartastealer
zCat 1 year ago
Fortinet VPN design flaw hides successful brute-force attacks

A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. Although the brute-force attack is still visible, a new technique allows logging only failed attempts and not successful ones, generating a false sense of security.

See more: #cybersecurity #fortinet
zCat 1 year ago
ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks

Worldwide there are more than 145,000 internet-exposed industrial control systems (ICS), according to internet intelligence platform provider Censys. The company’s latest ‘State of the Internet’ report also reveals that the devices are spread out across 175 countries, with 38% of them located in North America, 35% in Europe and 22% in Asia. In the United States, there are 48,000 exposed systems. Censys previously reported seeing 40,000 internet-exposed ICS systems in the United States. In comparison, a Shodan search currently shows roughly 110,000 worldwide ICS systems directly accessible from the web.

See more: SecurityWeek: The Hacker News: #cybersecurity
zCat 1 year ago
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both recruiters and job seekers to generate illicit revenue for the sanction-hit nation. Sapphire Sleet, which is known to be active since at least 2020, overlaps with hacking groups tracked as APT38 and BlueNoroff. In November 2023, the tech giant revealed that the threat actor had established infrastructure that impersonated skills assessment portals to carry out its social engineering campaigns.

See more: #cybersecurity #cryptocurrency #malware
zCat 1 year ago
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily targeting Pakistani entities. The group's tactics and tooling have been found to share similarities with those of other threat actors operating in the regions, such as SideWinder, Confucius, and Bitter.

See more: #cybersecurity #malware #asyncshell