i6 Cyber Security Solutions Ltd

Microsoft has warned of an MFA issue affecting some Microsoft 365 users, blocking access to certain applications and disrupting essential operations. Microsoft announced the issue through its official MSFT365 Status account on X, stating: “We’re investigating an issue where Multi-Factor Authentication (MFA) may block access to some Microsoft 365 (M365) apps. Traffic has been redirected, and service availability is improving.” Administrators were advised to check incident ID OP978247 in the Microsoft admin center for updates and support. Microsoft Warns of MFA Issue Multi-factor authentication, a key security measure, adds a layer of identity verification through methods like text, calls, or app verification after a password. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gURJPgnY #microsoft #mfa #microsoft365 #msft365 #administrators #incident #security #password #text #calls #app #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

Cybercriminals are exploiting critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept (PoC) exploits for “LDAPNightmare” (CVE-2024-49113). These fake PoCs, disguised as legitimate tools, trick security researchers and administrators into downloading and running them. Instead of demonstrating the vulnerability, the files install malware that steals sensitive information from the victim’s system. Attackers leverage the high-profile nature of these LDAP vulnerabilities to increase the chances of their traps succeeding. A malicious actor forked a legitimate Python repository and replaced its source code with a UPX-packed executable (poc.exe). ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gQhN8GfV #cybercriminals #ldap #vulnerabilities #poc #legitimatetools #securityresearchers #administrators #malware #victim #attackers #malicious #python #sourcecode #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

The PRIVESHIELD browser extension automatically creates isolated profiles to group websites based on browsing habits and interactions, blocking cross-site tracking and cookie-matching used for targeted ads. All about PriveShield Evaluation results reveal that PRIVESHIELD is over 90% effective at blocking ad exchanges from sharing user data. In Real-time Bidding (RTB), ad exchanges connect Supply-side Platforms (SSPs), which handle ad inventory for publishers, with Demand-side Platforms (DSPs), which manage ad campaigns for advertisers. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gDkfXx9y #priveshield #browser #websites #crosssite #cookiematching #ads #blocking #campaigns #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

Hackers breached Argentina’s Airport Security Police (PSA) payroll system, exposing sensitive employee information. They accessed salary records and altered pay slips, making unauthorized deductions between 2,000 to 5,000 pesos under fake labels like “DD mayor” and “DD seguro.” The cyberattack has caused substantial financial harm to several officers, with many reporting unauthorized deductions from their pay. Some officers experienced multiple deductions, suggesting the possibility of malicious software being installed to allow continuous access and manipulation of payroll data. Investigations have revealed that while the breach didn’t originate from the PSA’s internal systems, it is connected to Banco Nación, the bank responsible for processing the payroll payments. This raises concerns about the bank’s security protocols and the potential risks to sensitive employee information. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gQ25ABnX #hackers #breach #argentina #airport #payroll #sensitive #employee #unauthorized #financial #malicious #software #payroll #investigations #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates

The January 2025 Android Security Bulletin highlights critical vulnerabilities affecting Android devices. Users should update to security patch level 2025-01-05 or later to stay protected. Critical RCE Vulnerabilities The bulletin highlights critical Remote Code Execution (RCE) vulnerabilities in the Android System component. These flaws could allow attackers to run malicious code without extra privileges, posing significant risks if security mitigations are bypassed. Android partners were notified a month before the bulletin’s release. Patches will be added to the Android Open Source Project (AOSP) repository within 48 hours, with updated links to follow. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gdZnvjmP #january #android #security #bulletin #critical #vulnerabilities #patch #rce #attackers #maliciouscode #privileges #aosp #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

A PoC exploit for the critical OpenSSH vulnerability CVE-2024-6387 has been released, enabling remote attackers to execute arbitrary code on vulnerable servers, posing serious risks to users. CVE-2024-6387 The vulnerability is a race condition in OpenSSH’s server daemon (sshd). If a client fails to authenticate within the LoginGraceTime, the system’s signal handler can trigger unsafe function calls. The PoC exploit, created by GitHub user YassDEV221608, targets 32-bit OpenSSH servers on Linux systems using GNU C Library (glibc). OpenBSD systems are not affected by this flaw. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gz6JvP6h #poc #critical #openSSH #vulnerability #remote #attackers #arbitrarycode #servers #seriousrisk #authenticate #logingracetime #unsafe #functionalcalls #github #linux #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

ASUS warns of critical router flaws (CVE-2024-12912, CVE-2024-13062) allowing arbitrary command execution. Users are urged to update their devices immediately. ASUS Vulnerability The vulnerabilities are tied to the router firmware’s AiCloud feature. ASUS explains that these “injection and execution flaws” let authenticated attackers execute remote commands. With a CVSS score of 7.2, both are rated as highly severe. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gk-2zRGN #asus #critical #router #arbitrarycommand #update #vulnerability #firmware #aicloud #authenticated #attackers #cvss #severe #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

Researchers warn of a public PoC exploit for a critical Oracle WebLogic vulnerability. Oracle WebLogic Vulnerability The flaw, CVE-2024-21182, is a serious risk for organizations using Oracle WebLogic Server, allowing unauthenticated attackers with network access to compromise systems. It affects versions 12.2.1.4.0 and 14.1.1.0.0, popular middleware for enterprise applications. Attackers exploit the vulnerability through T3 and IIOP, protocols often enabled by default for remote communication. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gkM5Ak_y #researchers #poc #exploit #oracle #weblogic #vulnerability #risk #organizations #unauthenticated #attacker #network #acces #compromise #middleware #protocols #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates

Researchers observed increased activity from the “FICORA” and “CAPSAICIN” variants, which exploit vulnerabilities in outdated D-Link routers like DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. Attackers use the HNAP protocol to execute commands on unpatched devices, stressing the need for timely updates and strong security. They used servers in the Netherlands to activate the “FICORA” botnet, affecting many countries and showing the attack was widespread. The “CAPSAICIN” botnet conducted a concentrated campaign targeting East Asian countries, with heightened activity observed over two days, October 21 and 22, 2024. This indicates a more deliberate and geographically focused approach compared to other botnets. The FICORA botnet, a Linux-based variant of the Mirai malware, is designed to spread effectively by downloading and executing its payload through multiple methods, including wget, ftpget, curl, and tftp. These techniques allow it to exploit vulnerabilities across a wide range of devices. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gfm7zHZh #researchers #ficora #capsaicin #vulnerabilities #dlink #routers #attackers #unpatch #updates #servers #botnet #campaign #linux #malware #payload #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

Adobe released a critical security update for ColdFusion to address a vulnerability that allows attackers to read arbitrary files. All about the vulnerability – ColdFusion This vulnerability allows attackers to potentially access sensitive files by bypassing security restrictions. It’s classified as “Improper Limitation of a Pathname to a Restricted Directory” (CWE-22). The CVSS Base Score for this vulnerability (CVE-2024-53961) is 7.4, indicating a high severity level. This vulnerability can be exploited remotely without requiring user interaction or prior privileges, making it highly dangerous. Adobe has released updates to address this issue (CVE-2024-53961). ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gjqy744m #adobe #critical #security #update #coldfusion #vulnerability #attackers #arbitraryfiles #sensitivefile #directory #cvss #severitylevel #privileges #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews