YesWeHack raises €26 million to expand its international growth

From helpnetsecurity.com

YesWeHack announces a €26 million Series C funding round.

In a world where cyber risks are more strategic and complex than ever, YesWeHack will use this funding to invest in Artificial Intelligence, launch new innovative solutions and expand its international growth.

The round is led by Wendel, alongside new investors such as Adelie and Seventure Partners, as well as reinvestment from Bpifrance, Open CNP and Eiffel Investment Group. YesWeHack is also delighted to welcome Renaud Deraison, Co-Founder 

Read more…

QR code SQL injection and other vulnerabilities in a popular biometric terminal

From securelist.com

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric scanner security from the red team’s perspective and uses the example of a popular hybrid terminal model to demonstrate approaches to scanner analysis. These approaches are admittedly fairly well known and applied to analysis of any type of device.

We also talk about the benefits of biometric scanners for access control systems and their role in ensuring a due standard of security given today’s realities. Furthermore, we discuss vulnerabilities in a biometric scanner from a major global vendor that we found while analyzing its level of security. The article will prove useful for both security researchers and architects.

We have notified the vendor about all the vulnerabilities and security issues we found. A CVE entry has been registered for each of the vulnerability types: CVE-2023-3938, CVE-2023-3939, CVE-2023-3940, CVE-2023-3941, CVE-2023-3942, CVE-2023-3943.

Read more…

Hackers Weaponizing MSC Files In Targeted Attack Campaign

From gbhackers.com

Hackers utilize MSC or Microsoft Management Console files in themed attack campaigns as these files contain commands and scripts that enable them to perform different administrative tasks on the target system. 

By mimicking legitimate files, MSC files can evade various security properties and access overview and control of the vulnerable system with privileges, consequently resulting in unauthorized access to its data and other malicious deeds.

Cybersecurity researchers at NTT recently identified that hackers are weaponizing the MSC files in targeted attack campaigns.

Read more…

Enterprise Browser vs Remote Browser Isolation (RBI): Key Difference

From latesthackingnews.com

In different industries, many companies are going digital as they explore various options to reach new audiences and convert new customers. However, many of these companies often encounter cybersecurity challenges in their quest, requiring them to invest in cybersecurity solutions. Besides customers, the increasing acceptance of remote work in different organizations means that sensitive information and resources are shared over the Internet. Thus, while assessing their options for security solutions, there are often arguments on which to choose between enterprise browsers and remote browser isolation tools. In this article, we will explore how each of these cybersecurity solutions works and the major differences between the two.

Read more…

Cylance confirms data breach linked to ‘third-party’ platform

From bleepingcomputer.com

Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a “third-party platform.”

A threat actor known as Sp1d3r is selling this stolen data for $750,000, as first spotted by Dark Web Informer.

The data allegedly includes a substantial amount of information, such as 34,000,000 customer and employee emails and personally identifiable information belonging to Cylance customers, partners, and employees.

However, researchers have told BleepingComputer that the leaked samples appear to be old marketing data used by Cylance.

BlackBerry Cylance told BleepingComputer that they’re aware of and investigating the threat actor’s claims but that no “BlackBerry data and systems related to [..] customers, products, and operations have been compromised.”

Read more…

Arm Warns Of Mali GPU Kernel Driver Flaws Exploited In The Wild

From gbhackers.com

The Mali GPU driver is a widely used Graphical Processing Unit for multiple devices, including Android and Linux.

A new vulnerability has been discovered in the Mali GPU Kernel driver. It allows an authenticated, low-privileged user to gain access to freed memory. 

This vulnerability has been assigned CVE-2024-4610, and its severity has yet to be categorized.

Arm has patched this vulnerability, but there are reports that threat actors are exploiting it in the wild. Arm advises its users to upgrade their Mali GPU drivers to the latest versions.

Read more…

Exploit for critical Veeam auth bypass available, patch now

From bleepingcomputer.com

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.

Veeam Backup Enterprise Manager (VBEM) is a web-based platform for managing Veeam Backup & Replication installations via a web console. It helps control backup jobs and perform restoration operations across an organization’s backup infrastructure and large-scale deployments.

Veeam issued a security bulletin about the critical flaw on May 21, warning about a critical vulnerability enabling remote unauthenticated attackers to log in to VBEM’s web interface as any user.

The vendor urged its customers to address the problem by upgrading to VBEM version 12.1.2.172, while also sharing mitigation tips for those unable to apply the update immediately.

Read more…