The Hacker News.

"Patch Alert: Critical Apache Struts flaw found, exploitation detected."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 18 December 2024, 1409 UTC.

Content and Source:  https://thehackernews.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).


Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Dec 18, 2024 Cyber Attack / Vulnerability
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS score: 9.8), which also came under active exploitation shortly after public disclosure. "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution," according to the Apache advisory. In other words, successful exploitation of the flaw could allow a malicious actor to upload arbitrary payloads to susceptible instances, which could then be leveraged to run commands, exfiltrate data, or download additional payloads for follow-on exploitation. T...
Not Your Old ActiveState: Introducing our End-to-End OS Platform

Dec 18, 2024 Software Security / DevSecOps
Having been at ActiveState for nearly eight years, I've seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the developer case, helping to get open source on platforms like Windows. Over time, our focus shifted from helping companies run open source to supporting enterprises managing open source when the community wasn't producing it in the way they needed it. We began managing builds at scale, and supporting enterprises in understanding what open source they're using and if it's compliant and safe. Managing open source at scale in a large organization can be complex. To help companies overcome this and bring structure to their open source DevSecOps practice, we're unveiling our end-to-end platform to help m...
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

Dec 18, 2024 Cyber Espionage / Malware
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report. "A victim of this technique would give partial control of their machine to the attacker, potentially leading to data leakage and malware installation," researchers Feike Hacquebord and Stephen Hilt said. The cybersecurity company is tracking the threat group under its own moniker Earth Koshchei, stating preparations for the campaign began as early as August 7-8, 2024. The RDP campaigns were also spotlighted by the Computer Emergency Response Team of Ukraine (CERT-UA), Microsoft, and Amazon...
Shaping the Cyber-Physical Future: Trends, Challenges and Opportunities for 2025

Claro: Enterprise Security / Artificial Intelligence
Learn the essential strategies for enhancing data privacy, building resilient supply chains, and mitigating the latest cyber-physical security challenges to prepare your business to thrive in 2025.
ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

Dec 18, 2024 Threat Detection / Endpoint Security
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it's vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK Evaluation — the most widely trusted resource to track which solutions are effective — is now available. This practical guide distills key takeaways and advice to interpret the results. Cynet was the only vendor to achieve 100% Visibility and 100% Protection in the 2024 Evaluation. That means the All-in-One Cybersecurity Platform detected 100% of the threats tested in the Detection Phase and blocked 100% of the attacks simulated in the Protection Phase of the Evaluation. Moreover, Cynet achieved the 100% detection with no false positives. "These 2024 MITRE ATT&CK Evaluation results reflect o...
BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

Dec 18, 2024 SaaS Security / Incident Response
BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users. Remote Support allows service desk personnel to securely connect to remote systems and mobile devices. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), has been described as an instance of command injection. "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user," the company said in an advisory. An attacker could exploit the flaw by sending a malicious client request, effectively leading to the execution of arbitrary...
INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

Dec 18, 2024 Cyber Fraud / Social engineering
INTERPOL is calling for a linguistic shift that aims to put an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming forward to seek help and provide information to the authorities," the agency said in a statement. The cryptocurrency theft scheme first appeared in China around 2016, but has since proliferated across the world over the years. It has its origins in the Chinese phrase "杀猪盘" ("shā zhū pán"), which literally translates to "pig butchering," a reference to the practice of fattening a pig before slaughter. In a similar vein, the investment fraud often involves fraudsters contacting prospective targets on social media and da...
Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

Dec 18, 2024 Data Breach / Privacy
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the European Union and European Economic Area (EEA). It's worth noting that initial estimates from the tech giant had pegged the total number of affected accounts at 50 million. The incident, which the social media company disclosed back in September 2018, arose from a bug that was introduced to Facebook's systems in July 2017, allowing unknown threat actors to exploit the "View As" feature that lets a user see their own profile as someone else. This ultimately made it possible to obtain account ac...
Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

Dec 07, 2024 Enterprise Security / Threat Prevention
Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes. Manual account discovery that's time-consuming. Weak enforcement of least privilege access. Gaps that let admins bypass controls. These flaws leave critical vulnerabilities that attackers exploit daily. But it doesn't have to be this way. In our webinar, "Preventing Privilege Escalation: Effective PAS Practices for Today's Threat Landscape," we'll show you how to secure your privileged accounts and stay ahead of threats. What you'll gain: Close Security Gaps: Learn to find and fix vulnerabilities in your privileged accounts. Actionable Insights: Discover proven PAS strategies ...
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

Dec 17, 2024 Malware / Credential Theft
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a Microsoft Remote Support application but successfully instructed the victim to download AnyDesk, a tool commonly used for remote access." As recently documented by cybersecurity firm Rapid7, the attack involved bombarding a target's email inbox with "thousands of emails," after which the threat actors approached them via Microsoft Teams by masquerading as an employee of an external supplier. The attacker then went on to instruct the victim to install AnyDesk on their system, with the remote access subsequently abused to deliver multiple payloads, includ...
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

Dec 17, 2024 Cyber Attack / Malware
A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the more notable aspects of the campaign is how the threat actors leverage MSC (Microsoft Common Console Document) files to deploy a dual-purpose loader and dropper to deliver further malicious payloads," security researchers Den Iuzvyk and Tim Peck said. It's worth noting that the abuse of specially crafted management saved console (MSC) files to execute malicious code has been codenamed GrimResource by Elastic Security Labs. The starting point is a file with double extensions (.pdf.msc) that masquerades as a PDF file (if the setting to display file extensions is disabled)...
Even Great Companies Get Breached — Find Out Why and How to Stop It

Dec 17, 2024 Webinar / Risk Management
Even the best companies with the most advanced tools can still get hacked. It's a frustrating reality: you've invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what's going wrong? The truth is that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good news? These cracks can be found and fixed—if you know where to look. Join John Paul Cunningham, CISO at Silverfort, for a must-attend webinar that uncovers why breaches still happen and how to close the gaps in your security. John Paul will break down complex ideas into clear, actionable steps to help you protect your company. This webinar isn't about more tools—it's about seeing the risks you've missed and learning practical ways to address them before attackers take advantage. What You'll Learn: In this webinar, you'll discover: Why breaches still happen: How attackers bypass even...
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

Dec 17, 2024 Cyber Espionage / Malware
A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++ malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint researchers Nick Attfield, Konstantin Klinger, Pim Trouerbach, and David Galazin said in a report shared with The Hacker News. The enterprise security company is tracking the threat actor under the name TA397. Known to be active since at least 2013, the adversary is also referred to as APT-C-08, APT-Q-37, Hazy Tiger, and Orange Yali. Prior attacks conducted by the hacking group have targeted entities in China, Pakistan, India, Saudi Arabia, and Bangladesh with malware such as BitterRAT, ArtraDownloader, and ZxxZ, indicating a heavy Asian focus. Bitter has also been linked to cyber...
