Summary: Cybersecurity researchers have identified three critical vulnerabilities in Planet Technology’s WGS-804HPT industrial switches, which could be exploited for pre-authentication remote code execution. These switches are commonly used in building and home automation systems, making them attractive targets for attackers. The vulnerabilities stem from the dispatcher.cgi…
Author: TheHackerNews
Summary: Cybersecurity researchers have uncovered a campaign targeting PHP-based web servers to promote gambling sites in Indonesia, utilizing Python-based bots for exploitation. The attacks leverage GSocket to establish communication channels and redirect users searching for gambling services to malicious domains. This coordinated effort has been linked to a broader malware campaign affecting thousands of sites globally.…
Summary: The U.S. Treasury Department’s OFAC has sanctioned individuals and entities involved in North Korea’s illicit revenue generation through fraudulent IT worker schemes. These workers, who disguise their identities, provide services globally while the DPRK retains a significant portion of their earnings to fund weapons programs.…
Summary: Cybersecurity researchers have unveiled a new phishing kit, named Sneaky 2FA, designed to target Microsoft 365 accounts and steal credentials along with two-factor authentication codes. This kit operates as phishing-as-a-service (PhaaS) and has been linked to a cybercrime service called ‘Sneaky Log,’ with nearly 100 domains identified hosting its phishing pages.…
Summary: Recent data breaches have underscored the urgent need for enhanced security in guest Wi-Fi infrastructures across organizations. As businesses strive to balance network protection with convenient access for guests and employees, implementing secure guest Wi-Fi solutions has become essential. The integration of zero-trust architecture with cloud-based captive portals offers a robust framework for safeguarding sensitive data while ensuring compliance and operational continuity.…
Summary: Austrian privacy non-profit None of Your Business (noyb) has filed complaints against several companies, including TikTok and Xiaomi, for allegedly violating EU data protection laws by transferring user data to China. The organization seeks an immediate halt to these data transfers, citing concerns over Chinese government access to personal information.…
Summary: The Russian threat actor Star Blizzard has initiated a new spear-phishing campaign targeting WhatsApp accounts, marking a shift in its tactics to evade detection. This campaign primarily targets individuals in government, diplomacy, and defense sectors, particularly those involved in issues related to Ukraine and Russia.…
Summary: The digital landscape is rapidly evolving, with an explosion of IoT devices and tightening compliance requirements. Traditional trust management systems are inadequate for today’s hybrid environments, necessitating a more efficient solution. DigiCert ONE offers a platform designed to simplify and automate trust management, making it easier to navigate the complexities of modern digital operations.…
Summary: Cybersecurity researchers have discovered that a misconfiguration in on-premises applications can bypass Microsoft’s Group Policy designed to disable NT LAN Manager (NTLM) v1 authentication. As a result, organizations may believe they are protected against NTLMv1 attacks while in reality remaining exposed due to misconfigured settings.…
Summary: A recently discovered vulnerability (CVE-2024-7344) in UEFI systems could allow attackers to bypass Secure Boot protections, enabling the execution of untrusted code during system boot. The flaw affects several real-time system recovery software suites and could lead to the deployment of malicious UEFI bootkits. Despite being patched, the incident raises concerns about the security practices of third-party UEFI software vendors.…
Summary: Stolen credential-based attacks have surged, becoming the leading cyber threat in 2023/24, with a staggering 80% of web app attacks originating from this breach vector. Despite increased cybersecurity budgets, vulnerabilities remain due to inadequate MFA adoption and the rise of infostealer malware. This article explores the factors contributing to the rise in account compromises and offers recommendations for security teams to combat these threats.…
Summary: Ivanti has released security updates to address critical vulnerabilities in its Endpoint Manager (EPM), Avalanche, and Application Control Engine, including four critical flaws rated 9.8 on the CVSS scale that could lead to information disclosure. The vulnerabilities, discovered by security researcher Zach Hanley, allow remote unauthenticated attackers to leak sensitive information.…
Summary: Cybersecurity researchers have uncovered a sophisticated attack involving a Python-based backdoor used to deploy RansomHub ransomware after initial access through the SocGholish malware. The attack exploits vulnerabilities in outdated WordPress SEO plugins and employs advanced techniques for lateral movement within compromised networks. This incident highlights the evolving tactics of threat actors and the importance of robust cybersecurity measures.…
Summary: The Lazarus Group, linked to North Korea, has launched a new cyber attack campaign known as Operation 99, targeting software developers in the Web3 and cryptocurrency sectors. The campaign employs fake recruiters on platforms like LinkedIn to lure victims into cloning malicious GitLab repositories, ultimately embedding malware in their environments.…
Summary: A new malvertising campaign is targeting Google Ads users by phishing for their credentials through fraudulent ads. The attackers aim to steal advertiser accounts and use the stolen credentials to perpetuate further scams. The campaign has been active since at least mid-November 2024 and employs sophisticated techniques to evade detection.…
Summary: Cybersecurity researchers have uncovered links between North Korean threat actors involved in fraudulent IT worker schemes and a 2016 crowdfunding scam. These actors have been infiltrating companies globally under false identities to generate revenue for North Korea, while also being connected to previous scams. Recent findings highlight the evolution of their tactics and the ongoing threat they pose in cyberspace, particularly in cryptocurrency thefts.…
Summary: The necessity for specific cybersecurity controls and budgets for Industrial Control Systems (ICS) and Operational Technology (OT) is underscored by the unique risks they face, which are distinct from traditional IT environments. As cyber threats evolve, tailored strategies are essential to protect critical infrastructure and ensure national safety and economic stability.…
Summary: Multiple security vulnerabilities have been found in the Rsync file-synchronizing tool, potentially allowing attackers to execute arbitrary code on connected clients. The vulnerabilities include heap-buffer overflow and information disclosure, among others, posing significant risks to users.
Threat Actor: Unknown | Victim: Rsync users
Key Point:
Six vulnerabilities disclosed, including CVE-2024-12084 with a CVSS score of 9.8 for heap-buffer overflow.…
Summary: The U.S. Department of Justice announced a successful operation by the FBI to remove PlugX malware from over 4,250 infected computers, linked to the Mustang Panda hacking group associated with China. This operation is part of a broader effort to combat state-sponsored cyber threats targeting various nations and organizations.…
Summary: Cybersecurity researchers have identified multiple vulnerabilities in SimpleHelp remote access software that could lead to serious security breaches, including information disclosure and remote code execution. The flaws, which are easy to exploit, necessitate immediate action from users to apply patches and enhance security measures.
Threat Actor: Unknown | Victim: SimpleHelp
Key Point:
CVE-2024-57727: Unauthenticated path traversal vulnerability allowing file downloads, including sensitive configuration files.…