zCat's avatar
zCat
npub1zm7j...pnd6
zCat - Android App about Zcash, privacy and cybersecurity news aggregator
zCat 1 year ago
Merry Christmas and Happy Holidays to everyone! 🎄🎅 Privacy is not a crime 😎
#zcash #privacy
zCat 1 year ago
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws; Adobe Patches Over 160 Vulnerabilities Across 16 Products
Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws. This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability, CVE-2024-49138 - Windows Common Log File System Driver Elevation of Privilege Vulnerability.
See more: BleepingComputer: SecurityWeek: SecurityWeek (Adobe):
#cybersecurity #microsoft #zeroday #patch
zCat 1 year ago
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print the xss cheat sheet in a bullet list. just payloads" in the DeepSeek chat triggered the execution of JavaScript code as part of the generated response – a classic case of cross-site scripting (XSS). XSS attacks can have serious consequences as they lead to the execution of unauthorized code in the context of the victim's web browser. An attacker could take advantage of such flaws to hijack a user's session and gain access to cookies and other data associated with the chat.deepseek[.]com domain, thereby leading to an account takeover.
See more:
#cybersecurity #ai #injection
zCat 1 year ago
SAP Patches Critical Vulnerability in NetWeaver
Enterprise software maker SAP on Tuesday announced the release of nine new and four updated security notes as part of its December 2024 Security Patch Day. Marked as ‘hot news’, the highest severity in SAP’s notebook, the first new security note addresses three vulnerabilities in NetWeaver AS for JAVA (Adobe Document Services), including a critical flaw that could lead to full system compromise. The critical issue, tracked as CVE-2024-47578 (CVSS score of 9.1), affects the Adobe Document Service component of NetWeaver, which allows an attacker with administrative privileges to send a crafted request from a vulnerable web application.
See more:
#cybersecurity #SAP #netweaver
zCat 1 year ago
Ivanti warns of maximum severity CSA auth bypass vulnerability
Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike's Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path or channel. Ivanti advises admins to upgrade vulnerable appliances to CSA 5.0.3 using detailed information available in this support document. "We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program," the company said on Tuesday. "Currently, there is no known public exploitation of these vulnerabilities that could be used to provide a list of indicators of compromise."
See more: BleepingComputer: The Hacker News:
#cybersecurity #ivanti #authenticationbypass
zCat 1 year ago
New Cleo zero-day RCE flaw exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. The flaw is found in the company's secure file transfer products, Cleo LexiCom, VLTrader, and Harmony, and allows unrestricted file uploads and downloads that lead to remote code execution. The Cleo MFT vulnerability affects versions 5[.]8[.]0[.]21 and earlier and is a bypass for a previously fixed flaw, CVE-2024-50623, which Cleo addressed in October 2024. However, the fix was incomplete, allowing threat actors to bypass it and continue to exploit it in attacks. Cleo says its software is used by 4,000 companies worldwide, including Target, Walmart, Lowes, CVS, The Home Depot, FedEx, Kroger, Wayfair, Dollar General, Victrola, and Duraflame.
See more: BleepingComputer: The Hacker News: SecurityWeek:
#cybersecurity #rce #cleo
zCat 1 year ago
Chinese hackers use Visual Studio Code tunnels for remote access
Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent remote access to compromised systems. VSCode tunnels are part of Microsoft's Remote Development feature, which enables developers to securely access and work on remote systems via Visual Studio Code. Developers can also execute commands and access the file system of remote devices, making it a powerful development tool. The tunnels are established using Microsoft Azure infrastructure, with executables signed by Microsoft, providing trustworthy access. Attack chains observed by the companies entail the use of SQL injection as an initial access vector to breach internet-facing applications and database servers. The code injection is accomplished by means of a legitimate penetration testing tool called SQLmap that automates the process of detecting and exploiting SQL injection flaws.
See more: BleepingComputer: The Hacker News:
#cybersecurity #visualstudiocode #sqlinjection
zCat 1 year ago
Exploits and vulnerabilities in Q3 2024
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Common Log File System (CLFS) in Windows, so the number of exploits for it will drop. As for Linux, this operating system has the Linux Kernel Runtime Guard (LKRG), implemented as a separate kernel module. Although the first version of LKRG was released back in 2018, it is undergoing constant refinement. And it is becoming more actively used in various Linux builds.
See more:
#cybersecurity #exploits #vulnerabilities
zCat 1 year ago
IT threat evolution in Q3 2024. Mobile statistics
According to Kaspersky Security Network, in Q3 2024:
- As many as 6.7 million attacks involving malware, adware or potentially unwanted mobile apps were prevented.
- Adware was the most common mobile threat, accounting for 36% of all detected threats.
- More than 222,000 malicious and potentially unwanted installation packages were detected, of which:
  A) 17,822 were associated with mobile banking Trojans.
  B) 1,576 packages were mobile ransomware Trojans.
See more: https://securelist.com/malware-report-q3-2024-mobile-statistics/114692/
#cybersecurity #mobile #malware
zCat 1 year ago
Data Breach News!
Atrium Health Data Breach Impacts 585,000 People
Healthcare company Atrium Health has notified the US Department of Health and Human Services (HHS) that a recently discovered data breach impacts more than 585,000 individuals.
See more:
Blue Yonder SaaS giant breached by Termite ransomware gang
The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. Its list of over 3,000 customers includes other high-profile companies like Microsoft, Renault, Bayer, Tesco, Lenovo, DHL, 3M, Ace Hardware, Procter & Gamble, Carlsberg, Dole, Walgreens, Western Digital, and 7-Eleven.
See more:
#cybersecurity #databreach #privacy
zCat 1 year ago
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI). Ultralytics is a software development company specializing in computer vision and artificial intelligence (AI), specifically in object detection and image processing. It's best known for its "YOLO" (You Only Look Once) advanced object detection model, which can quickly and accurately detect and identify objects in video streams in real time. Ultralytics tools are open-source and are used by numerous projects spanning a wide range of industries and applications. The library has been starred 33,600 times and forked 6,500 times on GitHub, and it has had over 260,000 downloads over the past 24 hours from PyPI alone.
See more: BleepingComputer: The Hacker News:
#cybersecurity #malware #ai
zCat 1 year ago
New Windows zero-day exposes NTLM credentials, gets unofficial patch
A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The flaw was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions, and was reported to Microsoft. However, no official fix has been released yet. According to 0patch, the issue, which currently has no CVE ID, impacts all Windows versions from Windows 7 and Server 2008 R2 up to the latest Windows 11 24H2 and Server 2022.
See more:
#cybersecurity #windows #patch
zCat 1 year ago
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first set that involved flaws on the server-side, the newly detailed ones allow exploitation of ML clients and reside in libraries that handle safe model formats like Safetensors. "Hijacking an ML client in an organization can allow the attackers to perform extensive lateral movement within the organization," the company said. "An ML client is very likely to have access to important ML services such as ML Model Registries or MLOps Pipelines."
See more:
#cybersecurity #machinelearning #malware
zCat 1 year ago
Crypto-stealing malware posing as a meeting app targets Web3 pros
Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. The campaign is dubbed "Meeten" after the name commonly used by the meeting software and has been underway since September 2024. The malware, which has both a Windows and a macOS version, targets victims' cryptocurrency assets, banking information, information stored on web browsers, and Keychain credentials (on Mac).
See more:
#cybersecurity #cryptocurrency #malware
zCat 1 year ago
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis. The cybersecurity company is tracking the threat actor under the name BlueAlpha, which is also known as Aqua Blizzard, Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder. The group, believed to be active since 2014, is affiliated with Russia's Federal Security Service (FSB). The tools are chiefly engineered to steal valuable data from web applications running inside internet browsers, email clients, and instant messaging applications such as Signal and Telegram, as well as download additional payloads and propagate the malware via connected USB drives.
See more:
#cybersecurity #cloudflare #malware
zCat 1 year ago
New Android spyware found on phone seized by Russian FSB
After a Russian programmer was detained by Russia's Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that a new spyware was secretly installed on his device upon its return. The programmer, Kirill Parubets, was arrested by the FSB after being accused of donating to Ukraine. After regaining access to his mobile device, the programmer suspected it was tampered with by the Russian government after it exhibited unusual behavior and displayed a notification stating, "Arm cortex vx3 synchronization." After sharing it with Citizen Lab for forensic analysis, investigators confirmed that spyware had been installed on the device that impersonated a legitimate and popular Android app, 'Cube Call Recorder,' which has over 10,000,000 downloads on Google Play. Contrary to the legitimate app, though, the spyware has access to a broad range of permissions, giving it unfettered access to the device and allowing the attackers to monitor the activities on the phone.
See more:
#android #spyware #privacy #cybersecurity
zCat 1 year ago
Critical Vulnerability Discovered in SailPoint IdentityIQ
SailPoint this week warned that a critical-severity vulnerability in the identity and access management (IAM) platform IdentityIQ could allow attackers to access restricted files. SailPoint’s IdentityIQ IAM platform provides full lifecycle and compliance management capabilities covering provisioning, access requests, certifications, and segregation of duties. The critical issue, tracked as CVE-2024-10905, has a CVSS score of 10/10 and is described as an improper access control flaw. The bug is, essentially, a directory traversal flaw that affects all IdentityIQ versions up to patch levels 8.4p2, 8.3p5, and 8.2p8.
See more:
#cybersecurity #identityiq