In this article, @flaresystems explores threat actors and their activities on dark web forums versus illicit Telegram communities. […]
BleepingComputer
CrowdStrike filed a FORM 8-K to Clarify the Friday’s Update Event
CrowdStrike Holdings, Inc. faced an unexpected challenge when a sensor configuration update for their Falcon sensor software resulted in outages for numerous customers utilizing specific Windows systems.
The company promptly addressed the issue, emphasizing that the event was not the result of a cyberattack but of an internal update that inadvertently caused disruptions.
The update, released at 4:09 UTC, affected specific Windows systems that were online. Recognizing the gravity of the situation, CrowdStrike mobilized its teams urgently to ensure the security and stability of their customers’ systems.
By 5:27 UTC, the issue had been identified and isolated, and the problematic update was reverted. Despite the swift response, the company continues to work closely with impacted customers to restore their systems fully.
In the event’s wake, CrowdStrike has taken significant steps to support its customers. The company has provided detailed remediation information through its customer support portal and has been actively publishing event-related updates on its blog.
This transparent communication keeps customers informed and reassured during the recovery process.
According to United States Securities and Exchange Commission reports, CrowdStrike has acknowledged that this is an evolving situation and continues to evaluate the event’s impact on its business and operations.
The company remains committed to maintaining open lines of communication with its customers and ensuring that they are kept up to date with the latest developments and support measures.
In their FORM 8-K filing, CrowdStrike included forward-looking statements highlighting the risks and uncertainties associated with the event.
The company cautioned that some factors, including the discovery of new information regarding the event, could cause outcomes to differ materially from their statements.
CrowdStrike’s filing also referenced the “Risk Factors” section in their most recently filed Quarterly Report on Form 10-Q, advising stakeholders not to rely solely on the forward-looking statements.
The company emphasized that all statements are based on currently available information and that it does not assume any obligation to update any statement to reflect changes in circumstances or expectations.
CrowdStrike’s swift response to the sensor configuration update issue demonstrates its commitment to customer security and system stability.
By filing the FORM 8-K, the company has provided clarity and transparency regarding the event, ensuring stakeholders are well-informed.
As the situation evolves, CrowdStrike continues to work diligently to restore affected systems and mitigate any potential impacts on their business operations.
The post CrowdStrike filed a FORM 8-K to Clarify the Friday’s Update Event appeared first on Cyber Security News.
Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances.
Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to
Beware of Fake regreSSHion Exploit Attacking Security Researchers
An alarming new threat has emerged targeting cybersecurity researchers.
An archive containing malicious code is being distributed on the social network X, masquerading as an exploit for the recently discovered CVE-2024-6387 vulnerability, also known as regreSSHion.
This vulnerability, which affects OpenSSH, has drawn significant attention from the cybersecurity community.
However, experts warn that this archive is a trap designed to compromise the systems of those who download it.
The deceptive archive has a compelling backstory. It claims to contain a working exploit for the CVE-2024-6387 vulnerability, a list of IP addresses targeted by the exploit, and a payload used in the attacks.
According to Kaspersky reports, a server is actively using this exploit to attack specific IP addresses, and the archive is offered to anyone interested in investigating these attacks.
This enticing offer lures cybersecurity specialists eager to analyze the exploit and understand its mechanics.
Contrary to its claims, the archive contains a mix of source code, malicious binaries, and scripts.
The source code appears to be a slightly modified version of a non-functional proof-of-concept for the regreSSHion vulnerability, which is already publicly available.
One of the included Python scripts simulates exploiting the vulnerability on servers listed in the IP address file.
However, instead of performing a legitimate analysis, it launches a malicious file named “exploit.”
This malware is designed to achieve persistence in the system and retrieve additional payloads from a remote server.
It saves the malicious code in the /etc/cron.hourly directory and modifies the ls file to include a copy of itself.
This ensures the malicious code is executed repeatedly, compromising the system each time the ls command is run.
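A triage check for the two persistence locations described above, as an added example that is not from the article or from Kaspersky: it lists recently changed and package-unowned files in /etc/cron.hourly and compares the ls binary against a known-good SHA-256. The function names, the CRON_DIR and LS_BIN overrides, and the 30-day window are assumptions made for this example; the known-good digest must come from a clean host running the same package version.

```shell
#!/bin/sh
# Added example: triage of the persistence locations named in the article.
# CRON_DIR and LS_BIN are hypothetical overrides, e.g. for a mounted disk image.
CRON_DIR="${CRON_DIR:-/etc/cron.hourly}"
LS_BIN="${LS_BIN:-$(command -v ls)}"

# Print files in a cron directory modified within the last N days (default 30).
recent_cron_entries() {
    dir="$1"; days="${2:-30}"
    [ -d "$dir" ] || return 0
    find "$dir" -type f -mtime "-$days" -print | sort
}

# Print cron entries that no installed package owns.
# Only dpkg and rpm systems are covered; elsewhere nothing is printed.
unowned_cron_entries() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if command -v dpkg >/dev/null 2>&1; then
            dpkg -S "$f" >/dev/null 2>&1 || echo "$f"
        elif command -v rpm >/dev/null 2>&1; then
            rpm -qf "$f" >/dev/null 2>&1 || echo "$f"
        fi
    done
}

# Return 0 if the file's SHA-256 equals the expected digest, 1 otherwise.
# A binary that has had extra code added to it will not match.
matches_sha256() {
    file="$1"; expected="$2"
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

triage() {
    echo "== Files in $1 changed in the last 30 days =="
    recent_cron_entries "$1" 30
    echo "== Files in $1 not owned by any package =="
    unowned_cron_entries "$1"
    echo "== SHA-256 of $2 (compare with a clean host) =="
    sha256sum "$2"
}

triage "$CRON_DIR" "$LS_BIN"
```

Run it from trusted media or against a mounted image where possible, since a tampered ls on the live host is itself one of the things being checked.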
Cybersecurity researchers should exercise extreme caution when downloading and analyzing files from untrusted sources, especially those shared on social media platforms.
It is crucial to verify the authenticity of any archive before opening it and to use isolated environments for analysis to prevent potential system compromise.
regreSSHion may be a significant vulnerability, but falling victim to a fake exploit could have severe consequences for researchers and their systems.
The post Beware of Fake regreSSHion Exploit Attacking Security Researchers appeared first on Cyber Security News.