Author: securnerd

We're your premier source for the latest in AI, cybersecurity, science, and technology. Dedicated to providing clear, thorough, and accurate information, our team brings you insights into the innovations that shape tomorrow. Let's navigate the future together.

Security experts are on high alert as proof-of-concept exploits emerge online for a critical vulnerability in GNU C Library’s dynamic loader, raising concerns about root access being granted to local attackers on significant Linux distributions. Dubbed ‘Looney Tunables’ and officially tracked as CVE-2023-4911, this high-severity flaw stems from a buffer overflow weakness. It has been found to affect default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, as well as Fedora 37 and 38, posing a significant threat to these widely used Linux platforms. The vulnerability enables attackers to exploit a flaw in the GLIBC_TUNABLES environment variable processed…

In a recent revelation, it has been disclosed that the infamous Lazarus Group, a North Korea-linked hacking organization, has laundered a staggering $900 million in cryptocurrency through cross-chain channels. This sophisticated operation, part of an estimated $7 billion in illicitly laundered cryptocurrency, unfolded between July 2022 and July of this year. Blockchain analytics firm Elliptic, in its latest report, highlighted the rising trend of crypto crime displacement toward chain- or asset-hopping typologies, as traditional entities like mixers face seizures and sanctions scrutiny. Cross-chain crime involves the swift conversion of crypto assets from one token or blockchain to another, obscuring their…

In a rapid response to a significant security threat, Cisco has swiftly released a crucial update to address a critical flaw affecting Emergency Responder systems. This flaw has the potential to allow unauthenticated, remote attackers to gain access to vulnerable systems by exploiting hard-coded credentials. Identified as CVE-2023-20101 with a high CVSS score of 9.8, the vulnerability stems from static user credentials for the root account, typically reserved for developmental purposes. Exploiting this flaw could enable attackers to log into affected systems and execute arbitrary commands with root user privileges, posing a severe security risk. Cisco, a leading networking equipment…

In a startling revelation, cybersecurity experts have uncovered a highly advanced mobile malware, known as LightSpy, deployed in a targeted attack against iOS users in Hong Kong. This sophisticated Advanced Persistent Threat (APT), attributed to the state-sponsored group APT41, has now been found embedded with Android implant Core and 14 related plugins across 20 active servers, all geared towards attacking mobile users. Unlike conventional malware, LightSpy operates as a Mobile Advanced Persistent Threat (mAPT), employing innovative techniques to compromise mobile devices. Recent findings have exposed its insidious use of WeChat payment systems to pilfer payment data, eavesdrop on private communications,…

In a recent incident, Amazon inadvertently sent out purchase confirmation emails for gift cards from prominent brands, including Hotels.com, Google Play, and Mastercard, causing confusion and concern among its customers. On the night of [Date], numerous Amazon Prime users reported receiving three separate emails, each detailing an alleged gift card purchase. However, upon checking their accounts, no corresponding transactions were found. Social media platforms, particularly Reddit, were abuzz with discussions about these unexpected emails. One Reddit post, in particular, captured the bewilderment of many Amazon customers, with users expressing their confusion over the sudden influx of gift card confirmation emails…

A recent alert from the FBI has shed light on an alarming rise in ransomware campaigns that deploy multiple malware variants on a victim’s network, leading to system encryption in less than two days. This latest Private Industry Notification issued by the FBI was instigated by patterns observed since July 2023. The authoritative agency highlighted the deployment of two unique ransomware strains by cybercriminals during their attack on various organizations. The notable variants used in these swift assaults include Diamond, Hive, LockBit, Karakurt, Royal, Quantum, and AvosLocker. According to the FBI, “Dual ransomware deployment has led to a mix of…

On September 21, 2023, Apple confronted three newly identified vulnerabilities. These vulnerabilities were a part of a complex exploit chain targeting Ahmed Eltantawy, a former Egyptian MP, using a malicious software dubbed “Predator” from May to September 2023. Following Eltantawy’s public announcement of his intent to run for the Egyptian Presidential election in 2024, he became a target. The Citizen Lab attributes the cyberattack to the Egyptian government, with substantial evidence pointing to them being a regular patron of this particular surveillance tool. A collaborative investigation by Canada’s Citizen Lab and Google’s Threat Analysis Group (TAG) revealed that this invasive…

Recently, Ethos Technologies settled the allegations of a data breach that took place in 2022, offering affected users monetary compensation. While not admitting to any shortcomings, the life insurance firm is addressing the situation by providing restitution to impacted individuals. The reported data breach occurred between August and December 2022, revealing sensitive user information. The breach stirred speculations that Ethos Technologies might have prevented the compromise if better cybersecurity infrastructure was in place. Affected individuals can claim a $100 compensation, with an added $100 for those part of the California subclass. The exact amount may vary based on the claims…

A series of security issues has been disclosed in the Nagios XI network monitoring application that could lead to elevated privileges and data breaches. The vulnerabilities, tracked as CVE-2023-40931 through CVE-2023-40934, affect Nagios XI versions 5.11.1 and earlier. They were responsibly reported on August 4, 2023, and patched on September 11, 2023, with the release of version 5.11.2. Outpost24’s security analyst, Astrid Tedenbrant, commented, “Among the disclosed issues, CVE-2023-40931, CVE-2023-40933, and CVE-2023-40934 permit individuals of differing access rights to probe database entries through SQL Injections. Data gathered from these weak points could pave…

On GitHub, a cybercriminal has released a misleading proof-of-concept (PoC) exploit targeting a recent WinRAR vulnerability. This deceptive exploit is primarily designed to deliver the VenomRAT malware to unsuspecting users. This deceptive PoC was detected by the research team at Palo Alto Networks’ Unit 42, who confirmed that the malicious code was uploaded to GitHub on August 21, 2023. Although the attack has ceased, it underscores the importance of thoroughly vetting PoCs sourced from GitHub before execution. Details on the WinRAR Exploit The deceptive PoC targets the CVE-2023-40477 vulnerability. This flaw allows for arbitrary code execution when users open a…
