Tuesday, October 15, 2024

Supply Chain & Open-source Ecosystems like PIP, NPM Are Abused by Command-jacking & Malicious Plugins

The world of open-source software development, while fostering collaboration and innovation, is also a breeding ground for malicious actors. A recent discovery by Checkmarx researchers reveals a critical vulnerability within programming ecosystems like PyPI, npm, RubyGems, and others, allowing attackers to exploit entry points and launch sophisticated supply chain attacks. These attacks are particularly stealthy, capable of evading traditional security measures and silently infiltrating systems.

Entry points are a powerful feature in programming languages like Python, enabling developers to expose functionality as command-line wrappers or load plugins to enhance package features. While this functionality fosters modularity and efficiency, it unfortunately presents a gateway for malicious actors to distribute code undetected.

Akira/Fog Ransomware Is Being Deployed to Unpatched Veeam Backup & Replication

Cybercriminals are exploiting a patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware, highlighting the ongoing threat posed by vulnerabilities even after they've been addressed. Cybersecurity firm Sophos has observed a recent spike in attacks leveraging compromised VPN credentials and the now-patched CVE-2024-40711, a critical vulnerability allowing unauthenticated remote code execution.

The attacks, detailed by Sophos, highlight a concerning trend of exploiting unpatched vulnerabilities and compromised VPNs to gain access to sensitive systems. The exploited flaw, CVE-2024-40711, was discovered and reported by security researcher Florian Hauser of CODE WHITE and was addressed by Veeam in early September 2024. However, the attackers are using it to create local accounts, gain administrator privileges, and deploy ransomware.

Sophos has observed a pattern in the attacks, with threat actors exploiting vulnerable Veeam instances running on port 8000, triggering the Veeam.Backup.MountService.exe to create a local account named 'point' and grant it administrator privileges. These privileges are then used to deploy ransomware or exfiltrate data.

The Fog ransomware deployment, for instance, involved dropping the ransomware on an unprotected Hyper-V server and using the rclone utility to exfiltrate data. While other ransomware deployments were unsuccessful, the active exploitation of CVE-2024-40711 underlines the critical importance of keeping systems patched and implementing robust security measures, including multifactor authentication for VPN access.

The NHS England has also issued an advisory regarding the threat, emphasizing that enterprise backup and disaster recovery applications are prime targets for cyberattacks. The use of compromised VPNs and unpatched vulnerabilities in these attacks highlights the importance of a multi-layered security approach that includes regular patching, strong password practices, and multifactor authentication.

The emergence of Lynx ransomware, a successor to INC ransomware, further emphasizes the dynamic nature of the ransomware threat landscape. Lynx, active since July 2024, has been observed targeting organizations in various sectors, including retail, real estate, architecture, finance, and environmental services in the U.S. and U.K. The ransomware's emergence is attributed to the sale of INC ransomware's source code on criminal underground markets, highlighting the ease with which ransomware variants can be created and distributed.

The U.S. Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has also issued an advisory regarding Trinity ransomware, a relatively new ransomware player believed to be a rebrand of 2023Lock and Venus ransomware. Trinity ransomware employs a double extortion strategy, targeting victims with both data encryption and the threat of data disclosure. This strategy adds another layer of complexity to the ransomware threat, making it even more challenging for organizations to mitigate its impact.

Adding to the diverse ransomware landscape, a financially motivated threat actor known as BabyLockerKZ has been observed deploying a variant of MedusaLocker ransomware. This variant, primarily targeting organizations in E.U. countries and South America, uses publicly known attack tools and living-off-the-land binaries (LoLBins) to facilitate credential theft and lateral movement within compromised networks. The actor's tools are often wrappers around publicly available utilities, providing streamlined attack capabilities through graphical or command-line interfaces.

The rise of ransomware variants and their continued exploitation of vulnerabilities underscores the importance of proactive cybersecurity measures. Organizations need to prioritize comprehensive security strategies that include robust vulnerability management, timely patching, multifactor authentication, and employee training.

Furthermore, organizations need to actively monitor their networks for suspicious activity, implement strong data backup and recovery plans, and consider investing in specialized ransomware detection and response solutions. By taking these steps, organizations can significantly reduce their risk of falling victim to ransomware attacks.

In conclusion, the ongoing exploitation of vulnerabilities, the rise of new ransomware variants, and the adoption of increasingly sophisticated attack techniques highlight the evolving nature of the cyber threat landscape. It is crucial for organizations to remain vigilant, stay informed about the latest threats, and implement robust security measures to protect their critical systems and data.

How to Set Up Django on Render & Storage on AWS S3

Deploying a Django application to the cloud can be a significant step towards scalability and reliability. This guide will walk you through a comprehensive process of deploying your Django application to Render, a cloud platform designed to simplify the deployment process. We'll also integrate Amazon S3 for secure and efficient storage of your application's media files, such as images and documents.

Setting the Stage: Preparing Your Django Project

Before we embark on the deployment journey, let's ensure your Django project is properly configured for a seamless transition to the cloud.

Monday, October 14, 2024

PHP/Laravel Package of this Week: PAN (Product Analytics) by Nuno Maduro

Nuno Maduro, a prominent figure in the PHP community, has released a new package called Pan. This lightweight, privacy-focused library is designed to provide developers with simple, yet powerful product analytics.

Ubuntu Unity Edition version 24.10 is released

The Ubuntu Unity 24.10 release, codenamed "Oracular Oriole," is now available for download at https://ubuntuunity.org. This release marks a significant step forward for the Ubuntu Unity project, featuring several improvements and updates.

Ivanti CSA Zero-day Is Being Weaponized by "Suspected Nation-state Hacker"

A sophisticated nation-state adversary has been exploiting a series of vulnerabilities in Ivanti's Cloud Service Appliance (CSA) to gain unauthorized access to networks and steal sensitive data. The attack, uncovered by Fortinet FortiGuard Labs, leverages three zero-day vulnerabilities, including a command injection flaw, a path traversal vulnerability, and an authenticated command injection vulnerability.

The attack begins with the exploitation of CVE-2024-8190, a command injection flaw found in the /gsb/DateTimeTab.php resource. This vulnerability allows attackers to gain unauthenticated access to the CSA and enumerate users configured within the appliance.

BASH Tutorial: How to Use xargs

xargs is an indispensable command-line utility in the Linux environment. It bridges the gap between commands, allowing you to funnel the output of one command into another as arguments. This interaction makes xargs a potent tool for streamlining tasks and improving your command-line efficiency.

At its core, xargs reads data from standard input and transforms it into arguments for a new command. It excels in situations where you need to process many files or entries, handling the complexities of passing numerous arguments to a command.

This guide delves into xargs, showcasing its versatility and practical applications. We will explore how xargs interacts with various common commands, providing clear examples to solidify your understanding.

How to Create Email Server on VPS

Setting up your own email server can provide you with greater flexibility and control over your email system compared to using a third-party service. This is especially beneficial for businesses that need to host a large number of email accounts.

This article will guide you through the process of creating an email server on a Hostinger VPS using the CyberPanel control panel.

Sunday, October 13, 2024

ASRock has launched two new Z890 Motherboards

ASRock has launched two new Z890 motherboards designed to take advantage of Intel's latest Arrow Lake-S processors. The Z890 Taichi OCF and the Z890 Taichi Aqua both offer unique features and cater to different types of users.

How to Run a Large Language Model (LLM) on Raspberry Pi 5

The world of artificial intelligence is rapidly advancing, and with it, the capabilities of smaller and more accessible hardware are expanding. Recently, I was inspired by a video on the NVIDIA AI channel showcasing the Gemma 2 language model, boasting 2 billion parameters, running on a Jetson Orin Nano. This prompted me to delve into the world of running LLMs on the Raspberry Pi 5, a device known for its affordability and versatility. My journey led me to the Phi-3 mini 4K Instruct, a 3.8 billion parameter LLM from Microsoft, which surprisingly runs smoothly on the Raspberry Pi 5 using the ONNX Runtime GenAI framework.

This article will guide you through the process of setting up and running the Phi-3 mini 4K Instruct on your Raspberry Pi 5, along with optional instructions for exploring the Mistral 7B model as an alternative. We will explore the foundational technology behind ONNX Runtime and delve into the hardware capabilities of the Raspberry Pi 5.

Iranian & Chinese Hackers Are Already Using ChatGPT to Enhance Their Malware

The recent surge in cyberattacks utilizing generative AI, specifically ChatGPT, has ignited a wave of concern within the cybersecurity community. OpenAI's confirmation of over twenty attacks leveraging its powerful language model underscores the alarming reality that AI, in the wrong hands, can be a potent tool for malicious activity.

The emergence of these attacks, like the 'SweetSpecter' spear-phishing campaign orchestrated by Chinese threat actors targeting Asian governments, highlights the versatility of ChatGPT in crafting deceptive and malicious scripts. This sophisticated phishing scheme involved a seemingly harmless ZIP file containing a malicious payload. Once downloaded and opened, the file triggered an infection chain, compromising the targeted systems. OpenAI's investigation revealed that the SweetSpecter attack was meticulously planned, with multiple ChatGPT accounts utilized to develop scripts and exploit vulnerabilities, demonstrating the ease with which AI can be weaponized.

How to Fix "cannot install the best update candidate for package" on Oracle Linux 9

The error message "cannot install the best update candidate for package" is a common one for Linux users, especially those working with Oracle Linux 9 and Red Hat 9 distributions. This particular error usually arises when attempting to install a package that depends on another package which isn't available in the system's repositories.

Inkscape 1.4 Is Officially Released, Update Now

Inkscape 1.4, the latest iteration of the powerful, open-source, cross-platform, and free SVG (Scalable Vector Graphics) editor, has officially arrived. This major release boasts an impressive array of new features and improvements, making it a compelling upgrade for both seasoned users and newcomers alike.

Over a year and four months have passed since the release of Inkscape 1.3, and the development team has been diligently working to enhance the user experience and expand the software's capabilities. The result is a release packed with innovative features, making Inkscape 1.4 a significant step forward in the evolution of this versatile graphics editor.

Saturday, October 12, 2024

How to Set Up Raspberry Pi 5 in Headless Mode

Setting up a Raspberry Pi can be a fun and rewarding experience, but it often requires a monitor, keyboard, and mouse. For those who prefer the command line or lack these peripherals, setting up your Raspberry Pi headlessly – without a visual interface – is a viable and convenient option. This guide will walk you through the process, enabling you to remotely access and configure your Raspberry Pi using only your computer and an Ethernet cable.