Software company TeamViewer says that a compromised employee account is what enabled hackers to breach its internal corporate IT environment and steal encrypted passwords in an incident attributed to the Russian government.
In an update on Sunday evening, TeamViewer said a Kremlin-backed group tracked as APT29 was able to copy employee directory data like names, corporate contact information and the encrypted passwords, which were for the company’s internal IT environment.
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.
The unnamed 42-year-old “allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them,” the Australian Federal Police (AFP) said in a press release last week.
The agency said the suspect was charged in May 2024 after it launched an investigation a month earlier following a report from an airline about a suspicious Wi-Fi network identified by its employees during a domestic flight.
In a significant move that underscores the critical nature of digital security, Google has announced that, starting November 1, 2024, Chrome 127 and all subsequent versions will no longer trust newly issued digital certificates from the American private software company, Entrust, and its affiliate, AffirmTrust. This decision, which also implicates the Mozilla Foundation, marks a pivotal shift in the landscape of internet security and certificate trustworthiness.
A malware campaign of huge magnitude, perhaps run by just one group, is using artificially nested files named ‘WEXTRACT.EXE .MUI’ for distribution.
More than 50,000 files worldwide featuring this method are delivered by different stealers and loaders such as Redline, RisePro, and Amadey.
Several samples are associated with an Eastern European cybercriminal-linked Autonomous System.
Cybersecurity researchers at OutPost24 recently detected that a new hacker group has been attacking systems with 10 pieces of malware at the same time.
Projects written completely in a memory-safe language can be affected by memory vulnerabilities if they use external dependencies written in memory-unsafe languages.
The cyber agencies recommend that organizations and software manufacturers:
Reduce memory safety vulnerabilities
Make secure and informed choices when using OSS
Understand the risk of memory vulnerabilities in OSS
Evaluate ways of reducing this risk
“We encourage additional efforts to understand the scope of memory-unsafety risks in OSS and continued discussion of the best approaches to managing and reducing this risk,” the report reads.
The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.
Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base. Interestingly, over 0.14% of vulnerable internet-facing instances with OpenSSH service have an End-Of-Life/End-Of-Support version of OpenSSH running.
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers.
The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.
“An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device,” the company said in an advisory issued last week.