techminis (a naukri.com initiative)

Info. Security News

Socprime, 7d

CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild

  • CVE-2024-55591 is a critical zero-day vulnerability affecting FortiOS and FortiProxy.
  • The vulnerability allows remote attackers to gain super-admin privileges on affected systems.
  • Fortinet has confirmed active exploitation of CVE-2024-55591 in the wild.
  • Users are advised to take immediate action to mitigate the vulnerability.

Schneier, 7d

FBI Deletes PlugX Malware from Thousands of Computers

  • The FBI has successfully removed the PlugX malware from around 4,258 U.S.-based computers and networks.
  • The malware connected to a command-and-control server operated by a hacking group.
  • French intelligence agencies provided the technique to make PlugX self-destruct.
  • The FBI used the command-and-control server to request IP addresses and sent a command to delete PlugX from infected machines.

Securityaffairs, 7d

MikroTik botnet relies on DNS misconfiguration to spread malware

  • Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware.
  • The botnet comprises MikroTik routers with various firmware versions, including recent ones.
  • The botnet uses compromised MikroTik devices as SOCKS proxies, masking malicious traffic origins.
  • The botnet operators exploit an improperly configured DNS record for the Sender Policy Framework (SPF) to enable spoofing.

Amazon, 7d

Preventing unintended encryption of Amazon S3 objects

  • The AWS Customer Incident Response Team (CIRT) and security monitoring systems have detected an increase in unusual encryption activity in Amazon S3 buckets.
  • A pattern was detected in which malicious actors obtained valid customer credentials, then used server-side encryption with customer-provided keys (SSE-C) to re-encrypt objects and overwrite the existing data.
  • AWS recommends several best practices to prevent the unauthorized use of SSE-C, including blocking SSE-C unless an application requires it, implementing data recovery procedures, monitoring resources for unexpected access patterns, and using short-term credentials.
  • Customers can block the use of SSE-C with a resource policy or with a resource control policy (RCP) in AWS Organizations.
  • Enabling S3 Versioning keeps multiple versions of an object in a bucket, protecting against accidental deletion or overwriting of data.
  • Customers should monitor access to their data using AWS CloudTrail or S3 server access logs and create CloudWatch alerts based on specific metrics or logs to detect anomalous behavior quickly.
  • Short-term credentials backed by longer-term user identities protected by multi-factor authentication (MFA) can control access to AWS resources without embedding long-term AWS security credentials in an application.
  • AWS is committed to customer security and is building a more secure cloud environment to allow customers to innovate with confidence.
  • Customers should contact AWS Support immediately if they suspect unauthorized activity.

TechCrunch, 1w

Governments call for spyware regulations in UN Security Council meeting

  • The United Nations Security Council held a meeting to discuss the dangers of commercial spyware.
  • The meeting aimed to address the implications of the proliferation and misuse of commercial spyware for international peace and security.
  • Several countries called for action to control the proliferation and abuse of commercial spyware, while Russia and China dismissed the concerns.
  • The U.S. government has taken actions against commercial spyware, including sanctioning NSO Group, Candiru, and Intellexa.

Qualys, 1w

Certificate Awareness & Automated Renewal with Qualys CertView

  • Managing digital certificates can be challenging for organizations, with issues arising due to poorly managed certificates causing downtimes and security vulnerabilities.
  • Qualys CertView offers complete visibility into digital certificates, identifying insecure certificates that use weak encryption or unsupported protocols and monitoring certificates from root and intermediate CAs.
  • The CertView Free licensing model provides unlimited external scans to monitor certificates, allowing complete visibility of certificates and proactively managing certificate expirations.
  • CertView uses a simple grading system for weak certificates, enabling administrators to quickly assess risks due to weaker cipher suites, older protocols, and poorer key exchange parameters.
  • Qualys CertView helps organizations communicate and manage the certificate lifecycle through easy deployment and bulk deploy of certificates, which can be renewed and auto-renewed.
  • CertView enforces organizational standards by creating a baseline inventory of all certificates, alerting stakeholders to upcoming expirations via Email, Slack, or PagerDuty, and even allows renewals using the Automated Certificate Management Environment (ACME) protocol.
  • CertView provides a rapid certificate deployment option, allowing proactive remediation for upcoming certificate expirations on multiple assets using a wizard.
  • The CertView Actionable Dashboard accelerates the process for managing certificates, focusing on the most urgent items to mitigate risks rapidly.
  • Qualys Certificate View is expanding its capabilities to support automated renewals using the ACME protocol, addressing the need for Certificate Lifecycle Management.
  • Qualys VMDR customers can begin managing their digital certificates using CertView, which is provided free of charge, and comes with a pre-configured dashboard to proactively manage digital certificates.

Securityaffairs, 1w

U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591, to its Known Exploited Vulnerabilities (KEV) catalog.
  • Remote attackers can exploit the vulnerability to bypass authentication and gain super-admin access via crafted Node.js WebSocket requests. The vendor confirmed that it is aware of attacks in the wild exploiting this vulnerability.
  • CISA also added two more vulnerabilities to the KEV catalog, affecting Microsoft Windows Hyper-V NT Kernel Integration VSP.

Securityintelligence, 1w

ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers

  • The recent ISC2 Cybersecurity Workforce Study revealed a predicted deficit of skilled workers with AI competencies.
  • The study analysed how nearly 16,000 respondents think development in AI could influence employment roles in the industry.
  • Even though two-thirds of the participants believe their existing cybersecurity proficiency can complement the advantages of AI technology, a third voiced concern about AI-driven job redundancies.
  • The study also found that budget cuts were the main point of worry: 25% of respondents reported losing their jobs due to cybersecurity department redundancies.
  • Separately, 37% faced budget cuts that have widened the skills gap, making it harder to attract candidates with the required skills.
  • When the research began in 2019, cybersecurity professionals did not consider AI a crucial skill set for cybersecurity jobs, but in recent years it has risen to become a top-five skill.
  • Many experts see AI as a tool for analysing large data sets very quickly, so AI security skills have emerged as key to changing how cybersecurity teams handle data analysis.
  • The report indicates that 82% of respondents believe that AI will improve work efficiency, and 88% think it will change their job role.
  • Ultimately, these findings suggest that the question now is how to hire the right individuals who have the required skills to lead the AI-driven fight against cybercrime.
  • The right hiring process that looks beyond technical skills and also includes non-tech-related communication and problem-solving skills is fundamental for success in cybersecurity industries.

Hackingblogs, 1w

Microsoft Found Critical Vulnerability on Apple macOS: CVE-2024-44243 SIP Bypass

  • Microsoft Threat Intelligence discovered a security weakness in Apple macOS, allowing an attacker to bypass System Integrity Protection (SIP) and install malicious kernel drivers.
  • System Integrity Protection (SIP) in macOS prevents unauthorized code execution and launching of apps. Microsoft reported the vulnerability (CVE-2024-44243) to Apple, who released a security update to fix it.
  • Bypassing SIP expands a user's ability to alter the system environment, including changing NVRAM variables and loading arbitrary kernel extensions.
  • Microsoft Defender Vulnerability Management quickly identifies and resolves the vulnerability, while Microsoft Defender for Endpoint detects anomalous behavior associated with specially entitled processes on macOS.

Securityaffairs, 1w

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

  • The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn.
  • Codefinger utilizes AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) for encryption and demands ransom for data recovery.
  • The ransomware campaign does not exploit any AWS vulnerabilities, but relies on publicly disclosed or compromised AWS keys.
  • Halcyon researchers recommend hardening AWS environments and collaborating with AWS support to mitigate the risks.

Securityaffairs, 1w

CVE-2024-44243 macOS flaw allows persistent malware installation

  • Microsoft disclosed details of a vulnerability in Apple macOS that could have allowed an attacker to bypass the OS's System Integrity Protection (SIP).
  • The vulnerability, tracked as CVE-2024-44243 with a CVSS score of 5.5, enabled attackers with 'root' access to bypass SIP and install rootkits, create persistent malware, and bypass TCC protections.
  • Microsoft researchers highlighted the importance of monitoring processes with special entitlements, such as com.apple.rootless.install and com.apple.rootless.install.heritable, which can bypass SIP restrictions.
  • In December 2024, Apple released macOS Sequoia 15.2 to patch the vulnerability. This disclosure follows a previous discovery by Microsoft of a vulnerability in Apple's Transparency, Consent, and Control (TCC) framework in macOS.

Dev, 1w

Amass API - REST API Solution for Domain Reconnaissance

  • Amass API is a Flask-based web application integrated with OWASP Amass for automated domain reconnaissance.
  • OWASP Amass is a powerful tool for network infrastructure reconnaissance, combining passive and active techniques.
  • Key features include automated domain reconnaissance, recursive search, subdomain discovery, and a JSON API endpoint.
  • Installation requires Docker and Docker Compose; API usage requires a POST request to the /api/amass/enum endpoint.

Krebsonsecurity, 1w

Microsoft: Happy 2025. Here’s 161 Security Updates

  • Microsoft released a total of 161 security updates, including three zero-day vulnerabilities that are already under attack.
  • The vulnerabilities include privilege escalation bugs in Windows Hyper-V, a critical remote code execution vulnerability, and a weakness in Windows that allows arbitrary code execution.
  • Additionally, a vulnerability in Windows NTLMv1, an older authentication protocol, is remotely exploitable and poses a significant risk.
  • Microsoft also addressed vulnerabilities in its BitLocker encryption suite and Microsoft Access, with a notable mention of a research effort aided by AI.

Securityaffairs, 1w

FBI deleted China-linked PlugX malware from over 4,200 US computers

  • The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States.
  • The malware, operated by a China-linked threat actor known as Mustang Panda, was used to steal sensitive information.
  • The operation was conducted by the Justice Department, FBI, and international partners, including French law enforcement and cybersecurity firm Sekoia.io.
  • The operation deleted the PlugX malware from approximately 4,258 U.S.-based computers and networks.

Qualys, 1w

Microsoft Patch Tuesday, January 2025 Security Update Review

  • Microsoft's first Patch Tuesday of 2025 addressed 159 vulnerabilities, including 10 critical and 149 important severity vulnerabilities.
  • In this month’s updates, Microsoft addressed eight zero-day vulnerabilities, three of which are actively exploited in attacks.
  • Microsoft did not address any vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
  • Software with fixed flaws includes .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, and Windows Secure Boot.
  • The vulnerability classes patched in the update include Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, and Remote Code Execution (RCE).
  • Critical severity vulnerabilities include Remote Code Execution in Microsoft Excel and Windows Remote Desktop Services.
  • Additionally, Microsoft details controls users can implement when remediation or patching cannot be done immediately.
  • Users of Qualys can attend upcoming webinars to learn more about the software.
  • The next Patch Tuesday update is expected to fall on February 11.
  • As always, users are encouraged to stay safe and secure while online.
