CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software – OfficialSarkar

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software – OfficialSarkar

Jul 16, 2024NewsroomVulnerability / Infrastructure Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial…

Kaspersky Exits U.S. Market Following Commerce Department Ban – OfficialSarkar

Jul 16, 2024NewsroomNational Security / Data Security Russian security vendor Kaspersky has said it’s exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company…

GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks – OfficialSarkar

Jul 15, 2024NewsroomSupply Chain Attack / Cyber Threat Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the secret was…

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool – OfficialSarkar

Jul 15, 2024NewsroomSaaS Security / Vulnerability A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes “mass scanning, exploiting multiple vulnerabilities,…

Infostealer Garden of Low-Hanging Fruit – OfficialSarkar

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few…

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months – OfficialSarkar

Jul 15, 2024NewsroomCybersecurity / Mobile Security Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in…

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection – OfficialSarkar

Jul 15, 2024NewsroomNetwork Security / Data Protection Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. “Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection,” Cybereason researchers Kotaro Ogino and Koshi Oyama said in…

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers – OfficialSarkar

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to “nearly all” of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network. “Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25,…

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign – OfficialSarkar

Jul 12, 2024NewsroomMalware / Cyber Attack Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual…

Australian Defence Force Private and Husband Charged with Espionage for Russia – OfficialSarkar

Jul 12, 2024NewsroomCyber Crime / Online Safety Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a “complex” law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media…