HPE warns of critical RCE flaws in Aruba Networking access points Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba's Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have been assessed with severity scores of 9.8 and 9.0, respectively. Both are in the command line interface (CLI) service, which is accessed via the PAPI protocol. The update also fixes a couple of other security vulnerabilities with severity scores around 7. See more: #cybersecurity #hpe #aruba
North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as RustBucket, KANDYKORN, ObjCShellz, RustDoor (aka Thiefbucket), and TodoSwift. The activity "uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file," researchers Raffaele Sabato, Phil Stokes, and Tom Hegel said in a report shared with The Hacker News. "The campaign likely began as early as July 2024 and uses email and PDF lures with fake news headlines or stories about crypto-related topics." See more: #cybersecurity #crypto
Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns The Canadian government on Wednesday ordered ByteDance-owned TikTok to dissolve its operations in the country, citing national security risks, but stopped short of instituting a ban on the popular video-sharing platform. "The decision was based on the information and evidence collected over the course of the review and on the advice of Canada's security and intelligence community and other government partners," François-Philippe Champagne, Minister of Innovation, Science and Industry, said in a statement. The government said it does not intend to block Canadians' access to the app itself or curtail their ability to create new content, stating the use of a social media application is a "personal choice." The use of the app has already been banned on Canadian government devices since February 2023. See more: #cybersecurity #tiktok
South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The country's Personal Information Protection Commission (PIPC) said Meta gathered information such as religious affiliations, political views, and same-sex marital status of about 980,000 domestic Facebook users and shared it with 4,000 advertisers. "Specifically, it was found that behavioral information, such as the pages that users 'liked' on Facebook and the ads they clicked on, was analyzed to create and operate advertising topics related to sensitive information," the PIPC said in a press statement. See more: #privacy #meta
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an "unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices," the Dutch company said. See more: #cybersecurity #zeroclick
Meet Interlock — The new ransomware targeting FreeBSD servers A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. Launched at the end of September 2024, Interlock has since claimed attacks on six organizations, publishing stolen data on their data leak site after a ransom was not paid. One of the victims is Wayne County, Michigan, which suffered a cyberattack at the beginning of October. Not much is known about the ransomware operation, with some of the first information coming from incident responder Simo in early October, who found a new backdoor [VirusTotal] deployed in an Interlock ransomware incident. See more: #cybersecurity #ransomware
LastPass warns of fake support centers trying to steal customer data LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer. LastPass is a popular password manager that utilizes a LastPass Chrome extension to generate, save, manage, and autofill website passwords. Threat actors are attempting to target a large swath of the company's user base by leaving 5-star reviews with a fake LastPass customer support number. See more: #cybersecurity #lastpass
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse. A popular device and application used by millions of individuals and businesses around the world to store documents is vulnerable to a zero-click flaw, a group of Dutch researchers have discovered. The vulnerability, which is called zero-click because it doesn’t require a user to click on anything to be infected, affects a photo application installed by default on popular network-attached storage (NAS) devices made by the Taiwanese firm Synology. The bug would allow attackers to gain access to the devices to steal personal and corporate files, plant a backdoor, or infect the systems with ransomware to prevent users from accessing their data. See more: #cybersecurity #zeroclick
Sophos reveals 5-year battle with Chinese hackers attacking network devices Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos. Sophos believes that many of the zero-day vulnerabilities are developed by Chinese researchers who not only share them with vendors, but also the Chinese government and associated state-sponsored threat actors. While many of these attacks put cybersecurity researchers on the defensive, Sophos also had the opportunity to go on the offensive, planting custom implants on devices that were known to be compromised. These implants allowed Sophos to collect valuable data about the threat actors, including a UEFI bootkit that was observed being deployed to a networking device. See more: #cybersecurity #sophos
Interbank confirms data breach following failed extortion, data leak Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers. See more: #privacy #cybersecurity