Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friend's" socials, you're just going to get banned, so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag


The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.


HOUSTON, Aug 21 (Reuters) - U.S. oilfield services firm Halliburton (HAL.N) on Wednesday was hit by a cyberattack, according to a person familiar with the matter. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. The company was also working with "leading external experts" to fix the issue, a spokesperson said in an emailed statement. The attack appeared to impact business operations at the company's north Houston campus, as well as some global connectivity networks, the person said, who declined to be identified because they were not authorized to speak on the record. The company has asked some staff not to connect to internal networks, the person said. Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.

Cyberattacks have been a major headache for the energy industry. In 2021, hackers attacked the Colonial Pipeline with ransomware, causing a days-long shutdown to the major fuel supply line. That breach, which the FBI attributed to a gang called DarkSide, led to a spike in gasoline prices, panic buying and localized fuel shortages. Several major U.S. companies have suffered ransomware attacks in recent years, including UnitedHealth Group (UNH.N), gambling giants MGM Resorts International (MGM.N), Caesars Entertainment (CZR.O) and consumer good maker Clorox (CLX.N).

While it's unclear what exactly is happening at Halliburton, ransom software works by encrypting victims' data. Typically, hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers sometimes threaten to leak confidential data in a bid to pile on the pressure. The ransomware group DarkSide, suspected by U.S. authorities of the Colonial Pipeline attack, for example, said it wanted to make money. Colonial Pipeline's CEO said his company paid a $4.4 million ransom as executives were unsure how badly its systems were breached or how long it would take to restore the pipeline.


Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

"The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and installed," Patchstack's Rafie Muhammad said in a Wednesday report.

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin released on August 13, 2024. It impacts all versions of the plugin, including and prior to 6.3.0.1.

LiteSpeed Cache is one of the most widely used caching plugins in WordPress with over five million active installations.


Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.

"Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report.

"Once accessed, attackers can leverage the COPY ... FROM PROGRAM SQL command to execute arbitrary shell commands on the host, allowing them to perform malicious activities such as data theft or deploying malware."

The attack chain observed by the cloud security firm entails targeting misconfigured PostgreSQL databases to create an administrator role in Postgres and exploiting a feature called PROGRAM to run shell commands.


Whack yakety-yak app chaps rapped for security crack


cross-posted from: https://lemmy.zip/post/21331797

Web-based apps escape iOS "Walled Garden" and Android side-loading protections.


APT42 has combined capabilities from previous malware scripts into a single new trojan written in PowerShell that is likely part of a larger campaign against Israeli and US targets.


A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks.

The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, has been credited with discovering and reporting the issue.

The plugin is "vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter," Wordfence said in a report this week.
