CYBERSECURITY / DEFENSE / INTELLIGENCE

  • An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. “During these fraudulent interviews, the developers are often asked


  • Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,

  • A security vulnerability that allows attackers to bypass authentication has been identified in some NETGEAR router models.

    To exploit this vulnerability, an attacker must know the WiFi password or have an Ethernet connection to a device on the victim’s network.

    Firmware updates that address this vulnerability are available for the following routers: RAX35 (version 1.0.6.106), RAX38 (version 1.0.6.106), and RAX40 (version 1.0.6.106).

    It is strongly recommended that users download and install the latest firmware update as soon as possible.


    The document details an authentication bypass vulnerability in a NETGEAR product and emphasizes the crucial importance of completing all the recommended steps to patch the vulnerability.

    Failing to do so might expose your system, and NETGEAR is not responsible for any avoidable consequences.

    This is only informational and does not carry any guarantees, as NETGEAR reserves the right to update the information as needed. 

    A critical vulnerability has been identified with a CVSS score of 8.4, which indicates a high-severity issue that can be exploited remotely (Attack Vector: Low) without complex actions by an attacker (Attack Complexity: Low).

    No special privileges are required (Privileges Required: None), and no user interaction is needed (User Interaction: None).


    The vulnerability allows an attacker to compromise the affected system’s confidentiality, integrity, and availability (Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High).

    NETGEAR recommends updating devices with the most recent firmware to implement security patches, bug fixes, and new features.

    For NETGEAR app-supported devices, update the firmware through the corresponding app: the Orbi app for Orbi products, the Nighthawk app for NETGEAR WiFi routers, and the Insight app for some NETGEAR Business products (requires an Insight subscription).

    For manual update instructions for unsupported devices, refer to the user manual, firmware release notes, or product support page.

    The document has undergone two recent revisions: on April 15th, an advisory containing security recommendations was published.

    Subsequently, on April 21st, the document was updated to acknowledge contributions from relevant parties, likely addressing collaborators, reviewers, or external sources that were not previously credited.


    The post NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage.

    This makes them attractive targets for threat actors pursuing data theft and ransomware attacks.

    Besides this, the vulnerabilities in CrushFTP servers can be exploited to gain unauthorized access to networks or distribute malware to connected systems.

    Silent Push researchers recently identified that on April 19th, CrushFTP disclosed a critical zero-day vulnerability tracked as CVE-2024-4040 with a CVSS score of 9.8 in versions before 10.7.1/11.1.0.


    Technical Analysis

    The unauthenticated exploit allows escaping the Virtual File System via the WebInterface, gaining admin access and remote code execution capabilities.

    CrushFTP urged immediate upgrades, even for DMZ deployments. 
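As an added example of the upgrade check that advice implies (example code written for this page, not Silent Push's or CrushFTP's), the following Python script classifies CrushFTP version strings against the two fixed releases named in the disclosure, 10.7.1 and 11.1.0. The inventory entries, hostnames and banner format are constructed for illustration. The point it demonstrates is that an 11.0.x build is affected even though it is numerically newer than 10.7.1, so a single "newer than 10.7.1" comparison would wrongly clear it; each major line has to be compared against its own fixed release.

```python
"""Triage CrushFTP version strings against the CVE-2024-4040 fixed releases.

Added example, not code from Silent Push or CrushFTP. The fixed versions
10.7.1 and 11.1.0 come from the disclosure; everything else is constructed.
"""
import re

# Fixed releases named in the disclosure, one per affected major version line.
FIXED_10 = (10, 7, 1)
FIXED_11 = (11, 1, 0)

# Matches "10.6.2" or "11.0.3_14" (an optional build suffix is ignored).
# The banner format this is applied to is a constructed one.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[._-]\d+)?\b")


def parse_version(banner):
    """Return (major, minor, patch) from a banner, or None if no version is present."""
    match = VERSION_RE.search(banner)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version):
    """Apply the disclosure's rule: 10.x before 10.7.1 and 11.x before 11.1.0 are affected.

    Anything older than the 10.x line is also "before 10.7.1"; anything on the
    11.x line or later is compared against 11.1.0. A single-threshold compare
    is not enough: (11, 0, 3) > (10, 7, 1), yet 11.0.3 is affected.
    """
    threshold = FIXED_10 if version[0] <= 10 else FIXED_11
    return version < threshold


def triage(inventory):
    """Map each host to 'vulnerable', 'fixed' or 'unknown' (no parsable version).

    Hosts whose banner carries no version are reported rather than silently
    treated as safe, so they can be checked by hand.
    """
    result = {}
    for host, banner in inventory:
        version = parse_version(banner)
        if version is None:
            result[host] = "unknown"
        else:
            result[host] = "vulnerable" if is_vulnerable(version) else "fixed"
    return result


# Constructed sample inventory; hostnames and banners are not real systems.
SAMPLE_INVENTORY = [
    ("ftp-a.example.internal", "CrushFTP 10.6.2"),
    ("ftp-b.example.internal", "CrushFTP 10.7.1"),
    ("ftp-c.example.internal", "CrushFTP 11.0.3_14"),
    ("ftp-d.example.internal", "CrushFTP 11.1.0"),
    ("ftp-e.example.internal", "Server: CrushFTP"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:28} {status}")
```

On the constructed inventory the script reports ftp-a and ftp-c as vulnerable, ftp-b and ftp-d as fixed, and ftp-e as unknown because its banner carries no version; the "unknown" bucket is deliberate, since a host that cannot be classified from its banner needs a manual check rather than a silent pass.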

    Researchers monitored the vulnerability, populating data feeds with vulnerable domains, IPs hosting the service, and infrastructure actively exploiting CVE-2024-4040 for early detection.

    Silent Push conducts daily internet-wide scans that help categorize the data using SPQL to locate the associated infrastructure and content.

    Leveraging the CVE-2024-4040 information, queries identified exploitable internet-exposed CrushFTP web interfaces. 

    The resulting vulnerable domains and IPs were clustered into two Bulk Data Feeds for enterprise customers to analyze the affected infrastructure.

    The two Bulk Data Feeds are:

    • CrushFTP Vulnerable Domains
    • CrushFTP Vulnerable IPs
    Silent Push CrushFTP Bulk Data Feeds (Source – Silent Push)

    SPQL, at its core, is a tool of analysis for DNS data that spans over 90 categories. The map shows where CrushFTP interfaces are vulnerable to CVE-2024-4040 on a global scale.


    While most are in the US and Canada, many can be found across Europe as well as throughout:

    • South America
    • Russia
    • Asia
    • Australia
    Global distribution of CrushFTP web interfaces (Source – Silent Push)

    This helps potential targets understand how big this issue really is, and it gives security professionals an idea of what they are up against.

    Enterprise users can download raw data, as well as export bulk data feeds in the form of API endpoints that list CrushFTP domains and IPs that are susceptible to attacks.

    With this information, security teams can identify weaknesses within their networks and inform risk-scoring systems used to evaluate outside dangers.

    Meanwhile, a feed for early detection can track intrusion attempts in real time while simultaneously logging infrastructure related to those attempts so that it can be automatically blocked.


    The post 5000+ CrushFTP Servers Hacked Using Zero-Day Exploit appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • DDoS attacks are a significant and growing risk that can overpower websites, crash servers, and block out authorized users with never-ending waves of offensive traffic.

    More than 13 million DDoS attacks were recorded in 2023 alone, which reveals the real danger of unmitigated attacks.

    NetScout researchers recently discovered that threat actors executed 13,142,840 DDoS attacks targeted at organizations around the globe.


    Technical Analysis

    The outcomes are not limited to inconveniences alone. They can bring all activities, including critical services, to a standstill and consequently put lives at risk.

    Also, businesses undergo financial losses coupled with losing customers’ trust as network operators face continuous storms that lead to security exhaustion.

    If these establishments do not have adequate safeguards in place, their only choice is to respond aimlessly when it’s already too late.

    Such moves may cause even greater harm while achieving no tangible results.

    However, researchers urged that instead of reacting to hostile attacks at the eleventh hour, it is much better to be armed with the right information and protection tools in advance.


    For this reason, predictive and real-time threat intelligence that comes with advanced DDoS protection should be used to identify threats before they affect infrastructure.

    Moreover, this allows immediate automated attack mitigation to reduce downtime by ensuring the continuity of operation for enterprises and the uninterrupted availability of vital services.

    Converting reactive security into proactive security enables businesses and organizations to plan strategically and keep their systems protected against any online threat.

    Being aware of the changing threat environment is essential for predictive DDoS defense.

    Recommendations

    The recommendations that will help in defending against DDoS attacks are:

    • Implement DDoS mitigation solutions
    • Regularly update and patch systems
    • Make sure to implement web application firewalls (WAFs)
    • Conduct regular security assessments
    • Develop and test incident response plans
    • Implement rate-limiting and traffic filtering
    • Use content delivery networks (CDNs)
    • Educate employees on security best practices
    • Collaborate with security professionals and law enforcement
    • Consistently implement redundancy and load balancing


    The post 13,142,840 DDoS Attacks Targeted Organization Around The Globe appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • In today’s digital world, where connectivity rules all, endpoints serve as the gateway to a business’s digital kingdom. Because of this, endpoints are one of hackers’ favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT

  • Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. “Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware,” Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,
