Aggregator

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the

Grok is the chatbot of xAI. It’s a state-of-the-art model, chatbot and recently also API. It has a Web UI and is integrated into the X (former Twitter) app, and recently it’s also accessible via an API. Since this post is a bit longer, I’m adding an index for convenience: Table of Contents High Level Overview Analyzing Grok’s System Prompt Prompt Injection from Other User’s Posts Prompt Injection from Images Prompt Injection from PDFs Conditional Prompt Injection and Targeted Disinformation Data Exfiltration - End-to-End Demonstration Rendering of Clickable Hyperlinks to Phishing Sites ASCII Smuggling - Crafting Invisible Text and Decoding Hidden Secrets Hidden Prompt Injection Creation of Invisible Text Grok API is also Vulnerable to ASCII Smuggling Developer Guidance for Grok API Automatic Tool Invocation Responsible Disclosure Conclusion High Level Overview Over the last year I have used Grok quite a bit.

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as the actor has launched at least 10 malvertising campaigns hosted on two specific IP addresses: 185.11.61[.]243 and 185.147.124[.]110, where these malicious ads, when clicked, redirect users to websites that initiate malicious downloads. Two IP addresses, 185.11.61.243 and 185.147.124.110, have been […]

The post Hackers Abuse Google Ads To Attacking Graphic Design Professionals appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Как приложение помогает выявить опасность, о которой никто не говорит.

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel and the US, have been attributed to the Iranian-backed CyberAv3ngers.  The attacks, leveraging a custom-built malware named IOCONTROL, exploit vulnerabilities in IoT and OT devices, such as routers, PLCs, HMIs, and firewalls.  The malware, designed to operate on various platforms, […]

The post Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Oracle WebCenter Sites 11.1.1.6.1/11.1.1.8.0 and classified as critical. This issue affects some unknown processing of the component Community. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2014-0112. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability Apache Struts2 announced the vulnerability last week, highlighting […]

The post Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in Elastic Path 4.1.1. Affected is an unknown function. The manipulation of the argument dir leads to path traversal. This vulnerability is traded as CVE-2008-1606. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

In early October, Bellingcat’s Tech team organised its second ever in-person hackath

The Serbian authorities have been using advanced mobile forensics products made by Israeli firm Cellebrite to extract data from mobile devices illegally

Cyber Threats / Weekly RecapThis past week has been packed with unsettling developments in the wo

This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins

Short-Lived Certificates Coming to Let’s EncryptStarting next year:Our longstanding offer

前言​ Apache官方公告又更新了一个Struts2的漏洞，考虑到很久没有发无密码的博客了，再加上漏洞的影响并不严重，因此公开分享利用的思路。分析影响版本Struts 2.0.0 - Struts

A vulnerability was found in WaveMaker Studio 6.6. It has been rated as critical. This issue affects some unknown processing of the file com/wavemaker/studio/StudioService.java. The manipulation of the argument inUrl leads to server-side request forgery. The identification of this vulnerability is CVE-2019-8982. The attack may be initiated remotely. Furthermore, there is an exploit available.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability
• CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan (NCIRP)—public comment period begins today and concludes on January 15, 2025. 

As of January 3, 2025: The public comment period has been extended and now concludes on February 14, 2025.

Since initial publication in 2016, CISA conducted broad and extensive engagement and information exchanges with public and private sector partners, interagency partners, federal Sector Risk Management Agencies (SRMAs), and regulators to build upon the successes of the inaugural NCIRP. The draft NCIRP update describes a national approach to coordinating significant cyber incident detection and response. 

The draft update considers the evolution in the cyber threat landscape and lessons learned from historical incidents. The text also addresses the vital role that the private sector, state and local governments (including tribal and territorial), and federal agencies hold in responding to cyber incidents.

CISA is seeking more perspectives to help strengthen the NCIRP and invites stakeholders from across the public and private sectors to share their knowledge and experiences, further informing our findings and contributing to this revision. Public comments may be posted via the Federal Register.