The US cybersecurity agency CISA recently urged federal agencies to patch a critical severity vulnerability in GeoServer as soon as possible, warning of evidence of active exploitation.  The bug is tracked as CVE-2024-36401 (CVSS score of 9.8) and is described as the unsafe evaluation of property names as XPath expressions, which could allow unauthenticated attackers to execute code remotely through crafted input against a default GeoServer installation.

A hacktivist group recently claimed to have stolen and leaked over a terabyte of data from Diseny's internal slack channels.  The 1.1 terabyte of data includes a complete 10,000 channel data dump that encompasses files, messages, unreleased projects, raw images, and code.  The group also claims to have stolen some logins, links to internal API/web pages, and more.  Disney has confirmed to BBC that it is now investigating the hack.  The attacker, NullBulge, claims to be a hacktivist group protecting artists' rights and ensuring fair compensation for their work. 

Reconnaissance is one of the most time-consuming parts of network attack planning for adversaries. As Application Programming Interfaces (APIs) are exposed to the public, attackers spend less time finding attack vectors into the API's network, making APIs an easier target for breaches. If poorly designed, APIs can increase a network's attack surface and cause serious security issues. Since microservice architectures are increasingly replacing monolithic software architectures, APIs are more common than ever.

Researchers have discovered a new ransomware strain called "HardBit" that uses new obfuscation methods to avoid analysis. Cybereason researchers found that HardBit ransomware 4.0 added passphrase protection. The passphrase must be provided during runtime for proper ransomware execution. HardBit, which emerged in October 2022, is a financially motivated ransomware group that uses double extortion to generate illicit revenues. This article continues to discuss findings regarding the HardBit ransomware.

The National Security Agency (NSA) has released a new Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Automation and Orchestration Pillar" to help organizations detect cyber threats and respond to threats more quickly. This report is the NSA's final CSI in a series pertaining to the seven pillars of the US Department of Defense (DoD) Zero Trust (ZT) framework.

Barracuda researchers found cybercriminals using URL protection services to hide phishing links. The company observed phishing campaigns using three URL protection services to mask phishing URLs and send victims to credential-stealing websites. Researchers estimate these campaigns have targeted hundreds of companies. URL protection services prevent users from visiting malicious websites via phishing links. This article continues to discuss cybercriminals' abuse of legitimate URL protection services.

A second Remote Code Execution (RCE) vulnerability has been found in OpenSSH in an analysis of the recently discovered "regreSSHion" flaw. The regreSSHion bug, discovered by Qualys, was believed to impact millions of OpenSSH servers. Openwall founder Alexander Peslyak has found another regreSSHion-related issue, which is a race condition in signal handling involving the 'privsep' child process. This article continues to discuss findings regarding the recently discovered OpenSSH bug.

According to a recent paper by University of Missouri researcher Prasad Calyam and collaborators from Amrita University in India, Artificial Intelligence (AI)-powered chatbots can pass a cybersecurity exam but should not be relied on for complete protection. Using a standard certified ethical hacking exam, the team tested OpenAI's ChatGPT and Google's Bard. Certified ethical hackers use the same methods as malicious hackers to find and fix security vulnerabilities. Ethical hacking exams measure a person's understanding of attacks, system protection, and security breach response.