Sentry just gave $750k to open source projects
"Sentry started out as an Open Source side project in 2008. Today we are a Fair Source company with 100,000+ organizations on our SaaS and $100M+ ARR, but we have not forgotten our roots nor the hundreds of Open Source maintainers whose work we depend on for our success. Every year we share our success with the community, and 2024 is no different. This year, our budget is $750,000, up 50% from last year. The big news this year is that, together with dozens of other companies, we launched the Open Source Pledge. It’s great that Sentry pays maintainers, but we can’t solve the Open Source sustainability crisis by ourselves. The good news is that we’re not alone. Through the Pledge, many other companies are also stepping up to the plate, paying maintainers at least $2,000 per year per dev on staff and blogging about it annually to drive awareness and accountability."
#opensource
Botnet exploits GeoVision zero-day to install Mirai malware
A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 and was discovered by Piotr Kijewski of The Shadowserver Foundation. It is a critical severity (CVSS v3.1 score: 9.8) OS command injection problem, allowing unauthenticated attackers to execute arbitrary system commands on the device. "Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device," warns Taiwan's CERT. "Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
#cybersecurity #malware #zeroday
These 8 Apps on Google Play Store Contain Android/FakeApp Trojan
Russian cybersecurity firm Dr. Web has exposed several Android apps on the Google Play Store that contain a sophisticated trojan, Android[.]FakeApp[.]1669 (also known as Android/FakeApp). These apps, which claim to provide practical functions like financial tools, planners, and recipe books, contain a hidden payload that redirects users to unwanted websites, compromising their data. What’s worse, more than 2 million users have downloaded these infected apps from Google Play, unaware of the threat. Malware on the official Google Play Store is nothing new. In fact, reports from last month indicate a rise in malicious apps on both the Apple App Store and Google Play Store.
#cybersecurity #android #malware
Summary of noteworthy news from the last week by SecurityWeek!
TSA proposes new cyber rules for pipelines and railroads, Google adds scam call detection to Android, SIM swappers arrested in US, and more...
#cybersecurity #news
Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the VirusTotal platform. "WezRat can execute commands, take screenshots, upload files, perform keylogging, and steal clipboard content and cookie files," it said in a technical report. "Some functions are performed by separate modules retrieved from the command and control (C&C) server in the form of DLL files, making the backdoor's main component less suspicious." WezRat is assessed to be the work of Cotton Sandstorm, an Iranian hacking group that's better known under the cover names Emennet Pasargad and, more recently, Aria Sepehr Ayandehsazan (ASA).
#cybersecurity #malware #trojan
NSO Group used another WhatsApp zero-day after being sued, court docs say
Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. Pegasus is NSO Group's spyware platform (marketed as surveillance software for governments worldwide), with multiple software components that provide customers with extensive surveillance capabilities over victims' compromised devices. For instance, NSO customers could monitor the victims' activity and extract information using the Pegasus agent installed on the victims' mobile phones.
#cybersecurity #spyware #privacy
Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform
Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project," Palo Alto Networks Unit 42 researchers Ofir Balassiano and Ofir Shaty said in an analysis published earlier this week. "Deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a serious proprietary and sensitive data exfiltration attack risk." Vertex AI is Google's ML platform for training and deploying custom ML models and artificial intelligence (AI) applications at scale. It was first introduced in May 2021.
#cybersecurity #vertexai
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
Attack surface management provider watchTowr claims to have found a new zero-day vulnerability in cybersecurity provider Fortinet’s products. This flaw would allow a managed FortiGate device to elevate privileges and seize control of the FortiManager instance. This vulnerability, which carries a Common Vulnerability Scoring System (CVSS) score of 9.8, is actively exploited in the wild, sometimes together with CVE-2024-23113. It allows threat actors to use a compromised FortiManager device to execute arbitrary code or commands against other FortiManager devices.
#cybersecurity #fortinet
Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia
A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software," Cisco Talos researchers Joey Chen, Alex Karkins, and Chetan Raghuprasad said. "PXA Stealer has the capability to decrypt the victim's browser master password and uses it to steal the stored credentials of various online accounts."
#cybersecurity #malware
The true (and surprising) cost of forgotten passwords
Password resets are expensive because their hidden costs can quickly add up. When an employee forgets their password, there are some obvious expenses — for example, the time your help desk employee needs to verify the user’s identity and implement the reset. Research from Forrester estimates the average password reset cost is $70, including direct (IT staff time) and indirect costs (lost productivity). That means if you handle IT for a mid-sized organization with 1,000 employees, and each employee only needs a password reset two times a year, you could be spending $140,000 annually on password resets.
#cybersecurity #passwords