North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys…
Category: EN
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269…
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come…
How to Configure the Most Secure Settings for Microsoft Defender
This article is entirely written by Bing AI client integrated in Skype. Q: write an article describing most secure settings of Microsoft Defender A: Microsoft Defender is a comprehensive security solution that protects your Windows devices from various threats,…
Millions of GitHub Repos Found Infected with Malicious Code
Security researchers have uncovered a massive campaign of repository confusion attacks on GitHub, affecting over 100,000 repositories and potentially millions more. This sophisticated cyberattack targets developers by tricking them into downloading and using malicious repositories disguised as legitimate ones. You…
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET,…
Lazarus Hackers Exploited Windows 0-Day to Gain Kernel read/write Access
The Lazarus Group, a well-known cybercriminal organization, has recently exploited a zero-day vulnerability in Windows to gain kernel privileges, a critical level of system access. This vulnerability, identified as CVE-2024-21338, was found in the appid.Sys AppLocker driver was patched by…
Vulnerabilities in business VPNs under the spotlight
As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk This article has been indexed from WeLiveSecurity Read the original article: Vulnerabilities in business…
BobTheSmuggler: Open-source tool for undetectable payload delivery
BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios.…
Cybersecurity startup makes open source pay, gains funding in a down market
Filigran is now instrumental in organizing and analyzing cybercrime data, managing the modeling of multiple ransomware campaigns and enhancing response to cyber incidents. This article has been indexed from Security News | VentureBeat Read the original article: Cybersecurity startup makes…
How organizations can navigate identity security risks in 2024
Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks…
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens’ personal data to countries of concern. The Executive Order also “provides safeguards around other activities that can give those countries access to Americans’ sensitive data,” the…
Ransomware infection reach extends to Data Backups
For years, IT experts have emphasized the importance of maintaining backups for data and applications, highlighting their crucial role in swiftly recovering from cyber-attacks. Indeed, having such backup systems in place can preserve data continuity during unexpected incidents, thereby minimizing…
OpenCTI maker Filigran raises $16 million for its cybersecurity threat management suite
Paris-based cybersecurity startup Filigran is capitalizing on the success of OpenCTI to build a suite of open-source threat management products. The company has already found some early traction with OpenCTI, its open-source threat intelligence platform. That’s why the company recently…
Chinese PC-maker Acemagic customized its own machines to get infected with malware
Tried to speed boot times, maybe by messing with ‘Windows source code’, ended up building a viral on-ramp Chinese PC maker Acemagic has admitted some of its products shipped with pre-installed malware.… This article has been indexed from The Register…
Cryptojacking is no longer the sole focus of cloud attackers
As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number – a collective effort to safeguard both large and small enterprises is critical, according to Cado Security. Docker remains the most frequently targeted for…
Inside the book: Androids – The Team That Built the Android Operating System
In 2004, Android was two people who wanted to build camera software but couldn’t get investors interested. Android is a large team at Google today, delivering an OS to over 3 billion devices worldwide. In this Help Net Security video,…
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT
76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea. Enterprises report significant losses from mobile fraud 61% of enterprises still suffer significant losses to mobile…
Infosec products of the month: February 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, BackBox, Center for Internet Security, Cisco, CompliancePro Solutions, Cyberhaven, LOKKER, ManageEngine, Metomic, OPSWAT, Pindrop, ProcessUnity, Qualys, SentinelOne, Sumsub,Truffle Security, Vade Secure, and Varonis. CIS…
The CISO’s guide to reducing the SaaS attack surface
SaaS sprawl introduces security risks, operational headaches, and eye-popping subscription costs. Download this guide to learn how to implement a strategic approach to reducing your SaaS attack surface without slowing down the business. Inside the guide, you’ll find: Tools and…