Man Charged for Creating ‘evil twin’ Free Wi-Fi Networks on a Flight
A 42-year-old West Australian man is set to appear in Perth Magistrates Court today, facing nine charges for alleged cybercrime offences.
The Australian Federal Police (AFP) has accused the man of establishing fake free WiFi access points, mimicking legitimate networks to capture personal data from unsuspecting victims.
Cybercrime Investigation Unfolds
The investigation began in April 2024 when an airline reported concerns about a suspicious WiFi network identified by its employees during a domestic flight.
AFP investigators searched the man’s baggage upon his return to Perth Airport on April 19, 2024, seizing a portable wireless access device, a laptop, and a mobile phone.
A subsequent search of his Palmyra home led to further evidence collection.
The AFP’s Western Command Cybercrime Operations Team analyzed the seized data and devices, allegedly revealing dozens of personal credentials belonging to other people and fraudulent WiFi pages.
The AFP alleges that the man used a portable wireless access device to create ‘evil twin’ free WiFi networks at multiple locations, luring users into believing they were legitimate services.
Alleged Modus Operandi
The AFP claims that when people attempted to connect to these fake networks, they were redirected to a fraudulent webpage requiring them to sign in using their email or social media logins.
These details were then allegedly saved to the man’s devices, potentially giving him access to victims’ online communications, stored images, videos, and bank details.
Detective Inspector Andrea Coleman of the AFP’s Western Command Cybercrime unit emphasized the importance of being cautious when connecting to public WiFi networks.
“To connect to a free WiFi network, you shouldn’t have to enter any personal details – such as logging in through an email or social media account,” she advised.
Legal Consequences and Public Advisory
The man faces serious charges, including unauthorized impairment of electronic communication, possession or control of data with the intent to commit a serious offense, unauthorized access or modification of restricted data, and dealing in personal financial information.
The maximum penalties for these offenses range from two to ten years of imprisonment.
Detective Inspector Coleman urged the public to take precautions when using public WiFi, such as installing a reputable virtual private network (VPN), disabling file sharing, and avoiding sensitive activities like banking.
She also recommended turning off WiFi on devices when not in use and using strong, unique passphrases for online accounts.
Anyone who is connected to free WiFi networks in airport precincts and on domestic flights is advised to change their passwords and report any suspicious activity to Report Cyber.
The AFP’s investigation is ongoing to determine the full extent of the alleged offenses.
The post Man Charged for Creating ‘evil twin’ Free Wi-Fi Networks on a Flight appeared first on Cyber Security News.
Malwarebytes crushes malware all the time
About a month ago, The PC Security Channel (TPSC) ran a test to check out the detection capabilities of Malwarebytes. They tested Malwarebytes by executing a repository of 2015 “malicious” files to see how many Malwarebytes would detect.
This YouTube video shows how a script executes the files and Malwarebytes blocks and immediately quarantines the majority of them.
Malwarebytes missed 34 out of those 2015 files, giving us a score of 98.31%. Many vendors would have been proud of that, but being who we are, we wanted to do better. So we asked whether we could have a look at the files we missed, and TPSC was kind enough to offer us that chance.
Two of the missed files were identified as PUPs. PUP is short for Potentially Unwanted Programs. The emphasis here is on Potentially because they live in the grey area of what people might consider to be acceptable. Some PUPs simply don’t meet our detection criteria.
Anyway, back to the review of the malicious files we missed. As you can see in the sheet below, after a full review we were left with four malicious files that we missed and the two PUP-related files.
After circling back to TPSC, they graciously agreed with our assessment of the non-malicious files. That brings Malwarebytes’ score up to 99.8%, which is a lot more like what we are used to scoring in such tests. The four malicious files have all been added to our detections.
Kubernetes Image Builder Flaw Let Attackers Gain Root Access to VMs
The Kubernetes Security Response Committee has disclosed two critical vulnerabilities in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs).
The flaws, identified as CVE-2024-9486 and CVE-2024-9594, stem from the use of default credentials during the image build process.
Kubernetes Image Builder Vulnerabilities
CVE-2024-9486, rated as Critical with a CVSS score of 9.8, specifically impacts images built with the Proxmox provider.
Virtual machine images created using this provider fail to disable the default credentials, potentially allowing unauthorized access to nodes using these images. This vulnerability poses a significant risk, as attackers could exploit these credentials to gain complete control of affected VMs.
CVE-2024-9594, rated as Medium with a CVSS score of 6.3, affects images built with the Nutanix, OVA, QEMU, or raw providers. While these images also use default credentials during the build process, they are disabled upon completion.
However, the vulnerability window exists during the image build process, making it possible for an attacker to modify the image if they can reach the VM during construction.
Clusters running VM images built with Kubernetes Image Builder version 0.1.37 or earlier are potentially at risk. Users are urged to check their Image Builder version using the provided commands, such as make version for git clones or docker run --rm <image pull spec> version for container image releases.
To mitigate the threat, the Kubernetes Security Response Committee urges users to take the following actions:
- Upgrade to Kubernetes Image Builder v0.1.38 or later, which includes the necessary fixes.
- Rebuild any affected images using the updated Image Builder version.
- Re-deploy the fixed images to any affected VMs.
For CVE-2024-9486, a temporary mitigation involves disabling the “builder” account on affected VMs with the command usermod -L builder.
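The version check and the usermod -L builder mitigation described above can be combined into a per-node triage script. This is an added example, not code from the advisory or the Image Builder project; the function names and verdict strings are assumptions, and the shadow file path defaults to /etc/shadow (readable by root only).

```shell
#!/bin/sh
# Added example: triage for CVE-2024-9486 / CVE-2024-9594.
# Usage (hypothetical): ./triage.sh <image-builder-version> [shadow-file]

# Return 0 (affected) when an Image Builder version is 0.1.37 or earlier.
ib_version_affected() {
    v=${1#v}                     # accept "v0.1.37" or "0.1.37"
    old_ifs=$IFS; IFS=.
    set -- $v                    # split into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}      # drop any non-numeric suffix
    [ "$major" -gt 0 ] && return 1
    [ "$minor" -gt 1 ] && return 1
    [ "$minor" -lt 1 ] && return 0
    [ "${patch:-0}" -le 37 ]
}

# Print the state of the "builder" account from a shadow-format file:
#   absent - no such account
#   locked - password field starts with ! or * (what usermod -L leaves behind)
#   active - a usable (or empty) password field is still present
builder_account_state() {
    shadow=${1:-/etc/shadow}
    awk -F: '$1 == "builder" { found = 1; state = ($2 ~ /^[!*]/) ? "locked" : "active" }
             END { print (found ? state : "absent") }' "$shadow"
}

# Combine both checks into one verdict line for an inventory report.
triage_node() {
    state=$(builder_account_state "$2")
    if ib_version_affected "$1" && [ "$state" = active ]; then
        echo "AT RISK: built with $1, builder account active; lock it and rebuild"
    elif ib_version_affected "$1"; then
        echo "REBUILD: built with $1, builder account $state"
    else
        echo "OK: built with $1 (0.1.38 or later)"
    fi
}

# Run only when a version argument is supplied.
if [ "$#" -ge 1 ]; then
    triage_node "$1" "${2:-/etc/shadow}"
fi
```

usermod -L locks only the password field, so the REBUILD verdict still applies to a node whose account is already locked.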
Nicolai Rybnikar from Rybnikar Enterprises GmbH reported the vulnerabilities, which Marcus Noble of the Image Builder project addressed. Users are advised to take immediate action to secure their Kubernetes environments and monitor for any signs of exploitation.
Organizations using Kubernetes should prioritize addressing these vulnerabilities to prevent potential unauthorized access and maintain the security of their clusters.
The post Kubernetes Image Builder Flaw Let Attackers Gain Root Access to VMs appeared first on Cyber Security News.