Aggregator
New HTML smuggling campaign delivers DCRat malware to Russian-speaking users
Irish DPC fines Meta €91 million for violating GDPR
360 Digital Intelligence Security Modern Industry College officially unveiled!
CVE-2024-47063 | cvat up to 2.18.x cross site scripting
USENIX NSDI ’24 – DINT: Fast In-Kernel Distributed Transactions with eBPF
Authors/Presenters: Yang Zhou, Xingyu Xiang, Matthew Kiley, Sowmya Dharanipragada, Minlan Yu
Our sincere thanks to USENIX, and to the presenters and authors, for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization's enduring commitment to Open Access front and center. The content originates from the conference's events at the Hyatt Regency Santa Clara and is available via the organization's YouTube channel.
The post USENIX NSDI ’24 – DINT: Fast In-Kernel Distributed Transactions with eBPF appeared first on Security Boulevard.
India in the crosshairs: the scale of APT36's attacks shocks researchers
CVE-2024-46280 | PIX-LINK LV-WR22 RE3002-P1-01_V117.0 Telnet Service weak password
CVE-2024-45792 | MantisBT up to 2.26.3 POST Request information disclosure
CVE-2024-46293 | SourceCodester Online Medicine Ordering System 1.0 access control
Why is Chinese threat actor APT 41 in a tearing hurry?
Since June 1st 2024, Chinese frontline threat actor APT 41 has been linked to as many as 63 events globally. These include attacks on Taiwanese research agencies in August, and attacks in July on the shipping and logistics, utilities, media and entertainment, technology, and automobile sectors in countries such as Taiwan, Thailand, Italy, the UAE, Spain, the United Kingdom, and Turkey. The group is known to have successfully penetrated networks connected with critical infrastructure in as many as 29 countries as of this year. It has registered a whopping 900 percent rise in its presence this year, as measured by the IOCs recovered from the various events analyzed by Sectrio's Threat Research team. So why has APT 41 turned hyperactive in 2024, and what does this mean for critical infrastructure operators around the world? Let's find out.

Background of APT 41

APT 41 has been a group reserved for carrying out the most sophisticated attacks on a few of China's chosen geopolitical rivals. Hitherto, this group had a mandate covering the G7 countries, India, South Korea, Taiwan and Vietnam. As things stand, APT 41 is assigned the best talent, weapons, and exploits to work with, thanks to its ranking by the Chinese Ministry of State Security (MSS) as a frontline cyber intelligence gathering entity.

Periodically, the group is split for administrative (and/or project) reasons. The splinter groups are assigned strategic targets to pursue, only to be merged back into APT 41 once the target data is acquired or the project is closed. It is believed that APT 41 also covers several shadow groups working under the direct tutelage of senior members such as Dalin Tan and Qian Chuan. Such groups have no direct affiliation with the MSS; their operations are channeled through APT 41, and they may even be on the direct payroll of APT 41.

[You can read more about APT 41 in our comprehensive intelligence note on this threat actor, presented in our Threat Landscape Report 2024.]

As per Sectrio's Threat Research Team, APT 41 also runs an intelligence crunching operation that churns out intelligence of very high quality, which is shared directly with the CCP leadership. This intel is used to shape China's geopolitical responses, as well as specific long-term military and diplomatic interventions. The strategic importance of the intelligence gathered by APT 41, together with recent moves by many of the countries APT 41 targets, offers a clue as to why APT 41 is in such a hurry to target multiple critical infrastructure operators. We will get there in a minute, but before that it is important to understand what has changed in the last few months.

Rising legislative attention on critical infrastructure security

In the last few months, many countries have enacted legislation on Industrial Control System (ICS)/OT cybersecurity. This legislation mandates cyber risk and gap assessments, deployment of an OT Security Operations Center (SOC), better reporting and asset visibility, and enhanced monitoring of OT/ICS networks. There is increased scrutiny of critical infrastructure operators, and regulatory bodies are also conducting surprise checks on various entities to verify their preparedness to deal with cyber risks and threats. Penalties are in order as well. Many critical infrastructure entities are also conducting security acceptance tests on systems and assets to ensure they are free of backdoors, that they do not leak any data, and that they have no security issues that could compromise the device or the networks connected to it. This, coupled with regular IEC 62443-based risk and gap assessments, is helping critical infrastructure operators scale their security posture and bring it closer to the level of risk these entities are exposed to. So how does this impact APT 41 and its operations, you may ask?

The answer is simple. With security measures intensifying, the MSS understands that its window of opportunity for exfiltrating data and maintaining a menacing presence through APT 41 will diminish considerably in the days to come. There is certainly a growing realization among the bosses at APT 41 that they need to hurry up. This hurry has led to APT 41 and its sister actors The sense of urgency has also led to errors across geos, revealing its modus operandi as well as the measures it is using to breach networks and maintain surveillance. APT 41's attempts to plant reconware have been exposed in multiple instances, including two in the recent past when APT actors tried to engage a decoy infrastructure in an apparent surveillance bid.

What the future holds for APT 41?

It is too early to say, but one can arguably assert that APT 41 will continue to evolve its tactics and tools in the future with more funding and talent. This is something that won't change in the days to come, and APT 41 may even reduce or increase the targets in its crosshairs depending on the mandate given by the MSS. APT 41 is an evolved threat actor and, if its past track record is anything to go by, we may very well be witnessing a new phase in its evolution. It also serves as a test bed for new and emerging threat actors to try out new breach tactics. The MSS may even reconfigure the group by adding newer players to keep the group going.
The post Why is Chinese threat actor APT 41 in a tearing hurry? appeared first on Security Boulevard.
North Korean Hackers Attempted To Steal Sensitive Military Data
Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko. The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital. The German government plans to install Diehl missile defense systems on three new government aircraft, which will equip the aircraft with advanced capabilities […]
The post North Korean Hackers Attempted To Steal Sensitive Military Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2007-4505 | Mambo RemoSitory index.php cat sql injection (EDB-4306 / XFDB-36220)
GorillaBot Emerged As King For DDoS Attacks With 300,000+ Commands
The newly emerged Gorilla Botnet has exhibited unprecedented activity, launching over 300,000 DDoS attacks against targets in over 100 countries between September 4 and 27. The botnet, a modified version of Mirai, supports multiple CPU architectures and employs advanced techniques to maintain long-term control over infected devices. It leverages encryption algorithms commonly used by the […]
The post GorillaBot Emerged As King For DDoS Attacks With 300,000+ Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Law Enforcement Strikes Again: Europol and NCA Target the Infamous LockBit Ransomware Group
OXO: a security scanning engine for the Orchestration framework
Meow
Black Suit
DCRat Attacking Users Via HTML Smuggling To Steal Login Credentials
In a new campaign that is aimed at users who speak Russian, the modular remote access tool (RAT) known as DCRat has been utilized. Delivered through HTML smuggling, a technique not previously seen with DCRat, the malware leverages its typical RAT capabilities to execute shell commands, log keystrokes, exfiltrate files, and steal credentials, which marks […]
The post DCRat Attacking Users Via HTML Smuggling To Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.