- BleepingComputer
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site scripting (XSS) vulnerability impacting Popup Builder versions 4.2.3 and older, which was initially disclosed in November 2023.
Sucuri now reports spotting a new campaign with a notable uptick in the past three weeks, targeting the same vulnerability on the WordPress plugin.
According to PublicWWW results, code injections linked to this latest campaign are to be found in 3,329 WordPress sites, with Sucuri's own scanners detecting 1,170 infections.
A Balada Injector campaign uncovered at the start of the year exploited the same vulnerability to infect over 6,700 websites, indicating that many site admins hadn't patched quickly enough.
- Cyber Security News
Two new zero-day vulnerabilities have been discovered in iOS and iPadOS 17.4 versions that could allow threat actors to bypass memory protections and perform arbitrary kernel read and write on the affected devices.
These two vulnerabilities have been assigned CVE-2024-23225 and CVE-2024-23296. Apple has addressed both in its recent security advisory and has issued patches to fix them. Apple also stated that it was aware of a report that threat actors may have exploited these two vulnerabilities in the wild.
This particular vulnerability exists in the iOS kernel due to a memory corruption issue that could allow threat actors to perform arbitrary kernel read and write by bypassing kernel protections. The severity for this vulnerability is yet to be categorised.
Products affected by this vulnerability include iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
- BleepingComputer
The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks.
TA577 is considered an initial access broker (IAB), previously associated with Qbot and linked to Black Basta ransomware infections.
Email security firm Proofpoint reports today that although it has seen TA577 showing a preference for deploying Pikabot recently, two recent attack waves demonstrate a different tactic.
Distinct TA577 campaigns launched on February 26 and 27, 2024, disseminated thousands of messages to hundreds of organizations worldwide, targeting employees' NTLM hashes.
NTLM hashes are used in Windows for authentication and session security and can be captured for offline password cracking to obtain the plaintext password.
- The Hacker News
More than a decade ago, the concept of the 'blameless' postmortem changed how tech companies recognize failures at scale.
John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: "One option is to assume the single cause is incompetence and scream at engineers to make them 'pay attention!' or 'be more careful!' Another option is to take a hard look at how the accident actually happened, treat the engineers involved with respect, and learn from the event."
- The Hacker News
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices.
"This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing usernames, passwords, password reset URLs, and even photo IDs from hundreds of victims, mostly in the United States," Lookout said in a report.
Targets of the phishing kit include employees of the Federal Communications Commission (FCC), Binance, Coinbase, and cryptocurrency users of various platforms like Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor. More than 100 victims have been successfully phished to date.
- GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
- New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers
- Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
- New SSH-Snake Malware Steals SSH Keys to Spread Across the Network
- Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries