At Cloud Applications and Technologies Group, we help companies modernize their technology, navigate digital transformation, and enhance customer experiences.

Our expertise enables businesses to stay competitive and thrive in today’s rapidly evolving business landscape.

Insights

  • LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

    A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a

    2024-12-21 09:22:00
  • Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

    The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are

    2024-12-20 10:44:00
  • Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

    The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest

    2024-12-20 08:39:00
  • Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

    Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows -

    2024-12-20 08:13:00
  • Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

    A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted

    2024-12-20 06:25:00
  • CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that

    2024-12-20 04:30:00
  • Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

    Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are

    2024-12-19 13:56:00
  • Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

    Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai

    2024-12-19 13:37:00
  • Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

    Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. It was originally fixed by Fortinet back on August 18, 2023, but without a CVE designation. The list of supported FortiOS

    2024-12-19 10:31:00
  • CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,

    2024-12-19 10:00:00
  • Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency

    The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020. An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data

    2024-12-19 09:26:00
  • UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

    The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the

    2024-12-19 08:40:00
  • HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft

    Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,

    2024-12-18 14:10:00
  • Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

    Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS

    2024-12-18 13:36:00
  • Not Your Old ActiveState: Introducing our End-to-End OS Platform

    Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the

    2024-12-18 11:55:00
  • APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

    The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously

    2024-12-18 11:15:00
  • ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

    Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK

    2024-12-18 10:30:00
  • BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

    BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.

    2024-12-18 09:15:00
  • INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

    INTERPOL is calling for a linguistic shift that aims to put an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming

    2024-12-18 09:10:00
  • Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

    Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million

    2024-12-18 05:43:00
  • Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

    A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a

    2024-12-17 16:35:00
  • Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

    A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the

    2024-12-17 14:11:00
  • Even Great Companies Get Breached — Find Out Why and How to Stop It

    Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what’s going wrong? The truth is that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good

    2024-12-17 12:05:00
  • Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

    A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++ malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint

    2024-12-17 11:07:00
  • 5 Practical Techniques for Effective Cyber Threat Hunting

    Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.  To avoid this, use these five battle-tested techniques that are

    2024-12-17 10:52:00
  • Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

    Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ

    2024-12-17 09:03:00
  • The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

    A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets

    2024-12-17 06:55:00
  • CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted

    2024-12-17 05:47:00
  • DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

    Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. "Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over

    2024-12-16 14:22:00
  • NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool

    A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the

    2024-12-16 12:45:00
  • ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

    This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins

    2024-12-16 12:11:00
  • Data Governance in DevOps: Ensuring Compliance in the AI Era

    With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes

    2024-12-16 11:00:00
  • New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

    Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest

    2024-12-16 10:17:00
  • New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

    Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked as Winnti (

    2024-12-16 09:09:00
  • Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

    The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency,

    2024-12-16 06:44:00
  • Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

    Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains

    2024-12-14 11:33:00
  • Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

    Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not

    2024-12-14 10:16:00
  • 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

    A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that

    2024-12-13 20:00:00
  • Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

    A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the

    2024-12-13 16:48:00
  • DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

    The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for

    2024-12-13 15:51:00
  • Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

    Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable

    2024-12-13 11:44:00
  • How to Generate a CrowdStrike RFM Report With AI in Tines

    Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform.  Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their

    2024-12-13 11:30:00
  • New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

    Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

    2024-12-13 09:11:00
  • FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

    The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox[.]ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested.

    2024-12-13 06:06:00
  • Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

    Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API

    2024-12-12 14:24:00
  • Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

    The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both

    2024-12-12 13:35:00
  • Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

    Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

    2024-12-12 12:35:00
  • SaaS Budget Planning Guide for IT Professionals

    SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity.  In this article, we’ll break down this topic

    2024-12-12 11:30:00
  • WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

    Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

    2024-12-12 09:18:00
  • Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

    A global law enforcement operation has disrupted 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and taken them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and

    2024-12-12 06:15:00
  • Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

    The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

    2024-12-11 18:02:00
  • New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

    A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "

    2024-12-11 15:13:00
  • Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

    Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

    2024-12-11 14:32:00
  • ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

    Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell

    2024-12-11 14:07:00
  • Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

    Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as

    2024-12-11 11:02:00
  • What is Nudge Security and How Does it Work?

    Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to

    2024-12-11 11:02:00
  • Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

    A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team

    2024-12-11 11:00:00
  • Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

    Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the

    2024-12-11 07:16:00
  • U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

    The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been

    2024-12-11 06:29:00
  • Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

    Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote

    2024-12-11 02:59:00
  • Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

    Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom,

    2024-12-10 15:57:00
  • Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

    Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs researcher Vishnu Pratapagiri said in a new report. "As part of their fraudulent hiring process, the

    2024-12-10 14:13:00
  • The Future of Network Security: Automated Internal and External Pentesting

    In today’s rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay

    2024-12-10 11:50:00
  • Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands

    Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash,

    2024-12-10 11:19:00
  • Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

    A suspected China-nexus cyber espionage group has been attributed to attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, cybersecurity companies SentinelOne SentinelLabs and Tinexta Cyber said in a joint report shared with The Hacker News, adding

    2024-12-10 11:00:00
  • Ongoing Phishing and Malware Campaigns in December 2024

    Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats.  Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems  The analyst

    2024-12-10 10:01:00
  • CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

    The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 (aka UNC4221), which has been active since at least 2022. "The phishing emails mimicked official messages

    2024-12-10 09:12:00
  • Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

    The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7

    2024-12-09 17:44:00
  • ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

    This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to

    2024-12-09 13:11:00
  • Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

    Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print

    2024-12-09 11:55:00
  • Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

    Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let’s look at seven ways to add

    2024-12-09 11:00:00
  • Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

    A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis

    2024-12-09 10:44:00
  • Bluesky Faces Growing Pains: Malicious Moderators and DMCA Compliance Concerns Undermine Its Popularity

    Affected users indicate that certain moderators are abusing their administrative privileges, transferring handles from legitimate users to themselves.

    2024-12-09 00:10:10
  • Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

    In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures

    2024-12-07 10:54:00
  • Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

    Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes.

    2024-12-07 10:54:00
  • Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

    Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company

    2024-12-07 08:18:00
  • Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

    In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on

    2024-12-07 07:25:00
  • FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

    A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab. "The spyware placed on his device allows the operator to track a target device's

    2024-12-06 16:15:00
  • Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

    Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first

    2024-12-06 11:28:00
  • Conquering the Complexities of Modern BCDR

    The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex IT ecosystems.

    2024-12-06 11:00:00
  • More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

    The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on

    2024-12-06 08:22:00
  • Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

    The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.

    2024-12-06 07:03:00
  • This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

    As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro

    2024-12-05 15:58:00
  • Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

    Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input

    2024-12-05 14:56:00
  • Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

    Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices

    2024-12-05 14:55:00
  • Want to Grow Vulnerability Management into Exposure Management? Start Here!

    Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management

    2024-12-05 12:46:00
  • Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

    A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a

    2024-12-05 12:43:00
  • Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

    A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally

    2024-12-05 11:00:00
  • ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

    The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. "An interesting aspect of this campaign is the comeback of a backdoor

    2024-12-05 07:30:00
  • NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

    The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks

    2024-12-05 05:47:00
  • CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions

    2024-12-05 05:09:00
  • Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities

    The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embedding

    2024-12-04 17:23:00
  • Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

    Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted

    2024-12-04 12:20:00
  • 7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

    Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and

    2024-12-04 11:50:00
  • How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

    Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy

    2024-12-04 10:30:00
  • Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

    Why does this news below matter to the average network engineer?

    2024-11-24 22:52:38
  • Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

    What does this mean for the average Linux user?

    2024-11-23 04:43:27


    2024-12-16 06:44:00
  • Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

    Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains

    2024-12-14 11:33:00
  • Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

    Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not

    2024-12-14 10:16:00
  • 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

    A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that

    2024-12-13 20:00:00
  • Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

    A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the

    2024-12-13 16:48:00
  • DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

    The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for

    2024-12-13 15:51:00
  • Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

    Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable

    2024-12-13 11:44:00
  • How to Generate a CrowdStrike RFM Report With AI in Tines

    Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their

    2024-12-13 11:30:00
  • New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

    Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

    2024-12-13 09:11:00
  • FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

    The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox[.]ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested.

    2024-12-13 06:06:00
  • Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

    Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API

    2024-12-12 14:24:00
  • Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

    The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both

    2024-12-12 13:35:00
  • Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

    Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

    2024-12-12 12:35:00
  • SaaS Budget Planning Guide for IT Professionals

    SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity. In this article, we’ll break down this topic

    2024-12-12 11:30:00
  • WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

    Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

    2024-12-12 09:18:00
  • Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

    A global law enforcement operation has taken offline 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and

    2024-12-12 06:15:00
  • Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

    The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

    2024-12-11 18:02:00
  • New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

    A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "

    2024-12-11 15:13:00
  • Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

    Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

    2024-12-11 14:32:00
  • ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

    Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell

    2024-12-11 14:07:00
  • Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

    Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as

    2024-12-11 11:02:00
  • What is Nudge Security and How Does it Work?

    Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to

    2024-12-11 11:02:00
  • Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

    A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team

    2024-12-11 11:00:00
  • Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

    Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the

    2024-12-11 07:16:00
  • U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

    The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been

    2024-12-11 06:29:00
  • Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

    Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote

    2024-12-11 02:59:00
  • Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

    Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom,

    2024-12-10 15:57:00
  • Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

    Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs researcher Vishnu Pratapagiri said in a new report. "As part of their fraudulent hiring process, the

    2024-12-10 14:13:00
  • The Future of Network Security: Automated Internal and External Pentesting

    In today’s rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay

    2024-12-10 11:50:00
  • Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands

    Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash,

    2024-12-10 11:19:00
  • Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

    A suspected China-nexus cyber espionage group has been attributed to attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, cybersecurity companies SentinelOne SentinelLabs and Tinexta Cyber said in a joint report shared with The Hacker News, adding

    2024-12-10 11:00:00
  • Ongoing Phishing and Malware Campaigns in December 2024

    Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats.  Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems  The analyst

    2024-12-10 10:01:00
  • CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

    The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 (aka UNC4221), which has been active since at least 2022. "The phishing emails mimicked official messages

    2024-12-10 09:12:00
  • Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

    The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7

    2024-12-09 17:44:00
  • ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

    This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to

    2024-12-09 13:11:00
  • Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

    Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print

    2024-12-09 11:55:00
  • Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

    Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let’s look at seven ways to add

    2024-12-09 11:00:00
  • Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

    A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis

    2024-12-09 10:44:00
  • Bluesky Faces Growing Pains: Malicious Moderators and DMCA Compliance Concerns Undermine Its Popularity

    Affected users indicate that certain moderators are abusing their administrative privileges, transferring handles from legitimate users to themselves.

    2024-12-09 00:10:10
  • Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

    In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures

    2024-12-07 10:54:00
  • Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

    Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes.

    2024-12-07 10:54:00
  • Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

    Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company

    2024-12-07 08:18:00
  • Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

    In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on

    2024-12-07 07:25:00
  • FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

    A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab. "The spyware placed on his device allows the operator to track a target device's

    2024-12-06 16:15:00
  • Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

    Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first

    2024-12-06 11:28:00
  • Conquering the Complexities of Modern BCDR

    The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex IT ecosystems.

    2024-12-06 11:00:00
  • More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

    The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on

    2024-12-06 08:22:00
  • Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

    The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.

    2024-12-06 07:03:00
  • This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

    As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro

    2024-12-05 15:58:00
  • Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

    Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input

    2024-12-05 14:56:00
  • Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

    Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices

    2024-12-05 14:55:00
  • Want to Grow Vulnerability Management into Exposure Management? Start Here!

    Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident. At its core, Vulnerability Management

    2024-12-05 12:46:00
  • Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

    A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a

    2024-12-05 12:43:00
  • Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

    A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally

    2024-12-05 11:00:00
  • ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

    The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. "An interesting aspect of this campaign is the comeback of a backdoor

    2024-12-05 07:30:00
  • NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

    The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks

    2024-12-05 05:47:00
  • CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions

    2024-12-05 05:09:00
  • Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities

    The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embedding

    2024-12-04 17:23:00
  • Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

    Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted

    2024-12-04 12:20:00
  • 7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

    Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and

    2024-12-04 11:50:00
  • How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

    Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy

    2024-12-04 10:30:00
  • Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

    Why does this news below matter to the average network engineer?

    2024-11-24 22:52:38
  • Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

    What does this mean for the average Linux user?

    2024-11-23 04:43:27