Posts

Synology Rushes to Patch Zero-Days Exploited at Pwn2Own

In the fast-paced world of cybersecurity, staying ahead of threats is paramount. This was highlighted once again at the recent Pwn2Own hacking competition in Ireland, where researchers uncovered critical vulnerabilities in Synology's popular network-attached storage (NAS) devices. Here’s what you need to know:

The Discovery: During the competition, security researcher Rick de Jager from Midnight Blue discovered two zero-click vulnerabilities in Synology Photos and BeePhotos for BeeStation software. These vulnerabilities were particularly concerning because they allowed remote attackers to execute arbitrary code on vulnerable NAS appliances—without any user interaction.

The Immediate Response: Synology acted swiftly to address these vulnerabilities. Within days of their discovery, the company released patches to protect users from potential exploits. The affected versions were: Synology Photos 1.7 for DSM 7.2: Users should upgra...

New Cyber Attack Warning—Confirming You Are Not A Robot Can Be Dangerous

In the ever-evolving landscape of cyber threats, a new and particularly insidious attack has been identified by researchers at Qualys. This attack takes advantage of a common and seemingly harmless security measure: CAPTCHA verification. Here's what you need to know to stay safe.

The Anatomy of the Attack: Cybercriminals have devised a method to use fake CAPTCHAs to trick users into running malicious code. Here’s how it works:

Fake CAPTCHA Prompt: Users are redirected to a website that asks them to "Verify You Are Human" by performing a task. This might involve deleting a system file or running a command prompt.

Malicious Script: The prompt copies a malicious script to the user's clipboard and instructs them to paste it into the terminal window. This makes the process appear as a standard verification step.

Execution of Malware:...

Cisco Investigates Cybersecurity Incident and Takes DevHub Portal Offline

In a recent development, Cisco is actively investigating a cybersecurity incident that led to the temporary shutdown of their DevHub portal. The incident has raised significant concerns within the tech community, highlighting the ongoing challenges large organizations face in protecting their digital assets and customer data.

The Incident: On October 18, 2024, Cisco discovered reports of an unauthorized actor, known as IntelBroker, allegedly gaining access to certain Cisco data and consumer data. IntelBroker claimed to have breached Cisco and attempted to sell stolen information and source code. This unauthorized access was reportedly achieved through a sensitive API token in a third-party developer environment, leading to concerns about the security of Cisco's developer resources.

Cisco's Response: As a precautionary measure, Cisco took the DevHub portal offline to prevent further unauthorized access and p...

Critical VMware HCX Vulnerability: What You Need to Know

(Image by Shah Sheikh)

In a recent security advisory, VMware disclosed a critical vulnerability in its Hybrid Cloud Extension (HCX) platform. This vulnerability, identified as CVE-2024-38814, poses a significant threat to organizations using HCX for application mobility and workload migration across data centers and clouds.

The Vulnerability: The VMware HCX vulnerability is a form of SQL injection that allows authenticated users with non-administrator privileges to execute remote code on the HCX manager. With a CVSS score of 8.8, this high-severity vulnerability can be exploited by inserting malicious SQL queries into the HCX system, potentially granting attackers unauthorized access and control.

Affected Versions: VMware HCX 4.8.x, VMware HCX 4.9.x, VMware HCX 4.10.x

Mitigation Steps: To mitigate this vulnerability, VMware has released patches for the affected versions: HCX 4.8.3, HCX 4.9.2, HCX 4.10.1. Organizations using these v...

New Cybercrime Warning: 2FA Vulnerability Targeting Gmail, Outlook, Facebook, and X Users

The landscape of cybersecurity is ever-evolving, and with it, new threats emerge. Recently, a leading cybercrime agency issued a crucial warning regarding a new vulnerability targeting Two-Factor Authentication (2FA) across popular platforms such as Gmail, Outlook, Facebook, and X (formerly Twitter).

What is 2FA? Two-Factor Authentication (2FA) is a security measure that requires users to provide two forms of identification before accessing an account. Typically, this involves something you know (like a password) and something you have (like a mobile device). This extra layer of security is designed to prevent unauthorized access even if your password is compromised.

The New Threat: Despite its effectiveness, cybercriminals have developed new methods to bypass 2FA protections. This latest threat specifically targets major email providers and social media platforms, exploiting weaknesses in the 2FA ...

Ransomware Encryption Down Amid Surge of Attacks: A 300% Drop in Two Years

In recent years, ransomware attacks have become a major concern for organizations worldwide, disrupting operations and leading to significant financial losses. However, a recent report from Microsoft brings a glimmer of hope amidst the chaos. The company has recorded a dramatic 300% drop in ransomware attacks reaching the encryption stage over the past two years. This decline is largely attributed to the advancement of automatic attack disruption technologies.

The Silver Lining: While ransomware remains a formidable threat, the decline in encryption success suggests that defenses are improving. Automatic attack disruption technologies have become more effective at detecting and neutralizing threats before they can encrypt data, thus averting potentially disastrous consequences for organizations.

The Dark Cloud: Surge in Overall Attacks. Despite this positive trend, it's crucial to note that ransomware attacks ...

OpenAI Confirms Threat Actors Exploit ChatGPT to Write Malware

In a striking development within the cybersecurity landscape, OpenAI has confirmed that malicious actors have been utilizing its AI-powered chatbot, ChatGPT, to craft and enhance malware. This revelation marks the first official acknowledgment that widely-used generative AI tools are being exploited for nefarious purposes.

Unraveling the Threat: OpenAI's report details how cybercriminals are leveraging ChatGPT's capabilities to write, debug, and optimize malware. One notable use case involves the creation of multi-step infection chains. For instance, threat actors might employ ChatGPT to develop a PowerShell loader, subsequently deploying a payload like an info-stealer. This use of AI renders the malware more sophisticated, elusive, and challenging to detect.

Global Security Implications: The report sheds light on the involvement of threat actors from various countries, including China and Iran, indicating a global re...