The Hacker News

"PAN-OS Firewall vulnerability under active exploitation-IoCs released."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  

Content and Source:  https://thehackernews.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Nov 16, 2024 Vulnerability / Network Security

Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface IP addresses that are accessible over the internet - 136.144.17[.]* 173.239.218[.]251 216.73.162[.]* The company, however, warned that these IP addresses may possibly represent "third-party VPNs with legitimate user activity originating from these IPs to other destinations." Palo Alto Networks' updated advisory indicates that the flaw is being exploited to deploy a web shell on compromised devices, allowing threat actors to gain persistent remote access. The vulnerability, which is yet to be assigned a CVE identifier, carries a CVSS score of 9.3, indicating critical severity. It a

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

Nov 16, 2024 Vulnerability / VPN Security

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA . Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA, DEEPPOST, and LightSpy . "DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices," security researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres said Friday. The malware first came to light earlier this week, when BlackBerry detailed the Windows-based surveillance framework as used by the China-linked APT41 threat actor to harvest data from WhatsApp, Telegram, Signal, WeChat, LINE, QQ, Skype, Microsoft Outlook, DingDing, Feishu, KeePass, as well as application passwords

Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations

Nov 15, 2024 Cyber Espionage / Malware

Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat , stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the VirusTotal platform. "WezRat can execute commands, take screenshots, upload files, perform keylogging, and steal clipboard content and cookie files," it said in a technical report. "Some functions are performed by separate modules retrieved from the command and control (C&C) server in the form of DLL files, making the backdoor's main component less suspicious." WezRat is assessed to be the work of Cotton Sandstorm, an Iranian hacking group that's better known under the cover names Emennet Pasargad and, more recently, Aria Sepehr Ayandehsazan (ASA). The malware w

Permiso Security's 2024 State of Identity Security Report

PermisoThreat Detection / Identity Security

More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

Nov 15, 2024 Artificial Intelligence / Vulnerability

Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project," Palo Alto Networks Unit 42 researchers Ofir Balassiano and Ofir Shaty said in an analysis published earlier this week. "Deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a serious proprietary and sensitive data exfiltration attack risk." Vertex AI is Google's ML platform for training and deploying custom ML models and artificial intelligence (AI) applications at scale. It was first introduced in May 2021. Crucial to leveraging the privilege escalation flaw is a feature called Vertex AI Pipelines , which allows users to automat

Live Webinar: Dive Deep into Crypto Agility and Certificate Management

Nov 15, 2024 Webinar / Cyber Security

In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity. Are you prepared to act swiftly when the unexpected happens? Join DigiCert's exclusive webinar, " When Shift Happens: Are You Ready for Rapid Certificate Replacement? " , and discover how automation, crypto agility, and best practices can transform revocation challenges into opportunities for growth and resilience. Here's what you'll uncover: Revocations Uncovered: Understand why they happen, their ripple effects, and the role of post-quantum cryptography in mitigating risks. Automation to the Rescue: Learn how to minimize downtime and streamline certificate replacements with cutting-edge tools. Crypto Agility in Action: Stay ahead of evolving cryptographic standards with strategies that keep your organization secure and

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

Nov 15, 2024 Malware / Credential Theft

A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer . The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software," Cisco Talos researchers Joey Chen, Alex Karkins, and Chetan Raghuprasad said . "PXA Stealer has the capability to decrypt the victim's browser master password and uses it to steal the stored credentials of various online accounts" The connections to Vietnam stem from the presence of Vietnamese comments and a hard-coded Telegram account named " Lone None " in the stealer program, the latter of which includes an icon of Vietnam's national flag and a picture of the emblem for Vietnam's Ministry of Public Security. Cisco Talos said it observed th

Earn a Master's in Cybersecurity Risk Management

Georgetown UniversityCyber Security

Lead the future of cybersecurity risk management with an online Master's from Georgetown.

How AI Is Transforming IAM and Identity Security

Nov 15, 2024 Machine Learning / Identity Security

In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human identities — now, autonomous systems, APIs, and connected devices also fall within the realm of AI-driven IAM, creating a dynamic security ecosystem that adapts and evolves in response to sophisticated cyber threats. The Role of AI and Machine Learning in IAM AI and machine learning (ML) are creating a more robust, proactive IAM system that continuously learns from the environment to enhance security. Let's explore how AI impacts key IAM components: Intelligent Monitoring and Anomaly Detection AI enables continuous monitoring of both human and non-human identities , including APIs, service acc

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Nov 15, 2024 Vulnerability / Database Security

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979 , carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program to dynamically fetch various kinds of information, such as access keys and software installation paths, during runtime without having to hard-code them. In certain operating systems, they are initialized during the startup phase. "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g., PATH )," PostgreSQL said in an advisory released Thursday. "That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user."

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

Nov 15, 2024 Financial Fraud / Blockchain

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange. Heather Rhiannon Morgan, his wife, also pleaded guilty to the same crimes last year. They were both arrested in February 2022. Morgan is scheduled to be sentenced on November 18. "Lichtenstein, 35, hacked into Bitfinex's network in 2016, using advanced hacking tools and techniques," the DoJ said in a press statement. "Once inside the network, Lichtenstein fraudulently authorized more than 2,000 transactions transferring 119,754 bitcoin from Bitfinex to a cryptocurrency wallet in Lichtenstein's control." TRM Labs said Lichtenstein exploited a vulnerability in Bit

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

Nov 15, 2024 Network Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024. The security flaws are listed below - CVE-2024-9463 (CVSS score: 9.9) - Palo Alto Networks Expedition OS Command Injection Vulnerability CVE-2024-9465 (CVSS score: 9.3) - Palo Alto Networks Expedition SQL Injection Vulnerability Successful exploitation of the vulnerabilities could allow an unauthenticated attacker to run arbitrary OS commands as root in the Expedition migration tool or reveal its database contents. This could then pave the way for disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, or cr