Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks,

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks.
The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

,

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks.
The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

, ,
https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol,

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification.
« Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform, » Giles Hogben, privacy engineering

,

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification.
« Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform, » Giles Hogben, privacy engineering

, ,
https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html

How to Protect Patients and Their Privacy in Your SaaS Apps

How to Protect Patients and Their Privacy in Your SaaS Apps,

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were

,

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were

, ,
https://thehackernews.com/2023/07/how-to-protect-patients-and-their.html

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection,

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions.
« This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent, » Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

,

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions.
« This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent, » Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

, ,
https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Banking Sector Targeted in Open-Source Software Supply Chain Attacks,

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector.
« These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it, » Checkmarx said in a report published last week.
« The attackers

,

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector.
« These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it, » Checkmarx said in a report published last week.
« The attackers

, ,
https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands,

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies.
The development, first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming

,

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies.
The development, first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming

, ,
https://thehackernews.com/2023/07/apple-threatens-to-pull-imessage-and.html

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports,

The recent attack against Microsoft’s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought.
According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and

,

The recent attack against Microsoft’s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought.
According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and

, ,
https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software,

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
« HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and

,

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
« HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and

, ,
https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities,

A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
« BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all, » Check Point said in a report

,

A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
« BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all, » Check Point said in a report

, ,
https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html

Local Governments Targeted for Ransomware – How to Prevent Falling Victim

Local Governments Targeted for Ransomware – How to Prevent Falling Victim,

Regardless of the country, local government is essential in most citizens’ lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur.
In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts suspect a

,

Regardless of the country, local government is essential in most citizens’ lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur.
In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts suspect a

, ,
https://thehackernews.com/2023/07/local-governments-targeted-for.html