Cisco fixes vulnerabilities in Integrated Management Controller
CSO | Security News
3h ago
Cisco has released patches for two privilege escalation vulnerabilities in its Integrated Management Controller (IMC), which is used for out-of-band management of many of its server products, as well as various appliances. The flaws could allow authenticated attackers to execute commands as root on the underlying operating system; one of them already has proof-of-concept exploit code available publicly. The two vulnerabilities, tracked as CVE-2024-20295 and CVE-2024-20356, are rated 8.8 and 8.7 in the Common Vulnerability Scoring System (CVSS), which equates to high severity. Both can be exploi…
UK law enforcement busts online phishing marketplace
CSO | Security News
7h ago
UK law enforcement has infiltrated “LabHost,” a fraudulent online service used by more than 10,000 cybercriminals to create phishing websites and trick victims into revealing personal information. Law enforcement agencies from 19 countries coordinated to disrupt the criminal network. Between April 14 and April 17, through a joint operation led by the Metropolitan Police, LabHost’s existing services were disrupted with a seizure notice, and a total of 37 arrests were made by the UK as well as international law enforcement agencies. LabHost is a service which was set up in 2021 by a criminal c…
Cisco announces AI-powered Hypershield for autonomous exploit patching in the cloud
CSO | Security News
7h ago
Cisco has announced Hypershield, an AI-based capability of the company’s Security Cloud platform for hyperscalers. Hypershield is designed to defend cloud, data center, and distributed edge appliances from rapid vulnerability exploitation, according to Cisco. Patching today’s sprawling applications has become a task beyond the capabilities of any security team and manual processes. This covers a range of problems: patching cycles cannot keep up, patch testing is complex and therefore takes too long, and legacy technology is unlikely to be patched at all. This model of centralized vulnerabili…
Consolidation blamed for Change Healthcare ransomware attack
CSO | Security News
12h ago
The Change Healthcare ransomware attack has provoked calls to mandate baseline security standards for healthcare providers during Congressional hearings on Tuesday. UnitedHealth Group (UHG) was criticized for its response to a February 2024 attack on its Change Healthcare subsidiary during a three-hour hearing before the House Energy and Commerce Committee. The BlackCat/ALPHV ransomware group broke into Change Healthcare’s systems and encrypted its data before demanding an extortionate payment to restore access. Change Healthcare operates the US’s biggest clearing house for medical claims. T…
AWS and Google Cloud command-line tools can expose secrets in CI/CD logs
CSO | Security News
1d ago
Security researchers warn that certain commands executed in the AWS and Google Cloud command-line interfaces (CLIs) will return credentials and other secrets stored in environment variables as part of the standard output. If such commands are executed as part of build workflows in CI/CD tools, the secrets will be included in the returned build logs. AWS and Google Cloud consider this expected behavior, and it is up to users to take steps to ensure sensitive command outputs are not saved in logs or that sensitive credentials are stored securely and not in environment variables. The Microsoft Az…
SAP users are at high risk as hackers exploit application vulnerabilities
CSO | Security News
1d ago
Threat actors’ targeting of SAP vulnerabilities is currently at its peak, as systems compromised by ransomware incidents have grown fivefold since 2021, according to joint research by Flashpoint and Onapsis. Based on SAP threat intelligence from Onapsis Research Labs and Flashpoint Threat Intelligence Platform, the research found that multiple unpatched application-level SAP vulnerabilities are being exploited and used in ransomware campaigns. “This research leverages the combined experience of Onapsis Research Labs on SAP Threats, Vulnerabilities, and Threat Intelligence, with the Flashpoint…
Understanding CISA’s proposed cyber incident reporting rules
CSO | Security News
2d ago
In the wake of a string of high-profile cyber incidents, capped by a crippling ransomware attack on Colonial Pipeline, the US Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) to create a centralized federal government cyber incident reporting apparatus. In March, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM), a crucial step in establishing this new data breach reporting mechanism. CIRCIA mandated that covered entities promptly report to CISA within 72 hours after reasonably believing t…
More open-source project takeover attempts found after XZ Utils attack
CSO | Security News
2d ago
The Open Source Security Foundation (OpenSSF) together with the OpenJS Foundation have identified additional incidents where attackers attempted to social engineer their way into the management of open source projects using techniques similar to those that recently led to the backdooring of the XZ Utils package. XZ Utils supply chain compromise: The XZ Utils software supply chain compromise was the result of a sophisticated social engineering effort where an attacker managed to earn the trust of the project’s maintainer through legitimate code contributions over multiple years until they were made co…
Sensitive US government data exposed after Space-Eyes data breach
CSO | Security News
2d ago
IntelGroup, a prominent Serbian hacker from the CyberNiggers threat group, has claimed to have breached Space-Eyes, a geospatial intelligence firm catering exclusively to US government agencies. The breach, which has allegedly compromised the digital infrastructure of the Miami-based firm, stands to expose US national security data. IntelBroker claimed — through a message posted on BreachForums — that it took the threat actor only “10-15 minutes” to access sensitive data from Space-Eyes systems. The government agencies Space-Eyes does business with include the Department of Justice, the De…
10 tips to keep IP safe
CSO | Security News
2d ago
Intellectual property (IP) is the lifeblood of every organization. It didn’t use to be. As a result, now more than ever, it’s a target, placed squarely in the cross-hairs by various forms of cyber attack. Witness the long list of hacks on Hollywood and the entertainment industry’s IP, including “Pirates of the Caribbean” and more recently HBO’s “Game of Thrones.” Your company’s IP, whether that’s patents, trade secrets or just employee know-how, may be more valuable than its physical assets. Security pros must understand the dark forces that are trying to get this inform…
