A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of…
Tag: The Hacker News
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all…
RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage
The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues with older…
3 Things CISOs Achieve with Cato
Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of…
Ande Loader Malware Targets Manufacturing Sector in North America
The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users…
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS…
DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open…
Demystifying a Common Cybersecurity Myth
One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes…
PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app’s icon from the…
Researchers Highlight Google’s Gemini AI Susceptibility to LLM Threats
Google’s Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced…
Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts,…
Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub
A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a…
Microsoft’s March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58…
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed…
CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do. But if you are looking for ways to continuously reduce risk across your environment while making…
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. “These attacks are orchestrated…
South Korean Citizen Detained in Russia on Cyber Espionage Charges
Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further investigation. The development was first reported by Russian news agency TASS. “During the investigation of an espionage case, a…
New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics
Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that’s propagated via phishing emails bearing PDF attachments. “This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final…
Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can’t be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative…
Data Leakage Prevention in the Age of Cloud Computing: A New Approach
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where…
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident “began with the exploitation…
Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin’s hallmark is its ability…
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has…
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. “In recent…
Meta Details WhatsApp and Messenger Interoperability to Comply with EU’s DMA Regulations
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose…
Secrets Sensei: Conquering Secrets Management Challenges
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those API keys, connection strings, and certificates…
QEMU Emulator Exploited as Tunneling Tool to Breach Company Network
Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed “large company” to connect to their infrastructure. While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink…
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the…
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers…
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known…
Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting…
Human vs. Non-Human Identity in SaaS
In today’s rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of…
Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former…
New Python-Based Snake Info Stealer Spreading Through Facebook Messages
Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and…
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware
Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote…
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access.…
Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. “ALPHV/BlackCat did not get seized. They are exit scamming their affiliates,” security researcher Fabian Wosar said.…
A New Way To Manage Your Web Exposure: The Reflectiz Product Explained
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. [Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues]…
How to Find and Fix Risky Sharing in Google Drive
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn’t anyone’s fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally. …
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB…
U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy…
New APT Group ‘Lotus Bane’ Behind Recent Attacks on Vietnam’s Financial Entities
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that’s believed to have been active…
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan…
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below – CVE-2024-23225 – A memory corruption issue in Kernel that an attacker with…
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark…
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets
More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer…
Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to…
What is Exposure Management and How Does it Differ from ASM?
Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some…
Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes
The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on…
Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:…
How Cybercriminals are Exploiting India’s UPI for Money Laundering Operations
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a “key tool for onboarding and managing these money mules,” CloudSEK researchers Sparsh…
From 500 to 5000 Employees – Securing 3rd Party App-Usage in Mid-Market Companies
A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue…
Over 100 Malicious AI/ML Models Found on Hugging Face Platform
As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. “The model’s payload grants…
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model,…
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp
A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against the Israeli spyware vendor. The decision, which marks a major legal victory for…
U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture
The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to…
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. “This kit enables attackers to build carbon copies of single sign-on (SSO) pages,…
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. “This latest version of Bifrost aims to bypass security measures and compromise targeted systems,” Palo…
4 Instructive Postmortems on Data Downtime and Loss
More than a decade ago, the concept of the ‘blameless’ postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident,…
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities
The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, noting that the Integrity Checker Tool (ICT) can be deceived…
GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories
GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option…
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like…
Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit…
How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create…
GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2)…
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269…
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come…
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET,…
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens’ personal data to countries of concern. The Executive Order also “provides safeguards around other activities that can give those countries access to Americans’ sensitive data,” the…
Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors
An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely…
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks
The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly…
Building Your Privacy-Compliant Customer Data Platform (CDP) with First-Party Data
In today’s digital era, data privacy isn’t just a concern; it’s a consumer demand. Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while navigating a maze of privacy regulations. The answer? A privacy-compliant Customer…
Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management
Traditional perimeter-based security has become costly and ineffective. As a result, communications security between people, systems, and networks is more important than blocking access with firewalls. On top of that, most cybersecurity risks are caused by just a few superusers –…
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the “threat actor has previously used similar…
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28’s MooBot Threat
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation…
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. “This plugin suffers from unauthenticated site-wide…
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
An “intricately designed” remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT…
From Alert to Action: How to Speed Up Your SOC Investigations
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional’s role. Threat intelligence platforms can significantly enhance their ability to do so. Let’s find out what these platforms are and how they can empower analysts.…
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. “It’s possible to send malicious pull requests with attacker-controlled data from…
Five Eyes Agencies Expose APT29’s Evolving Cloud Attack Tactics
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly…
WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan…
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT
Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor…
8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at…
North Korean Hackers Targeting Developers with Malicious npm Packages
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the…
Three Tips to Protect Your Secrets from AI Accidents
Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the “OWASP Top 10 For Large Language Models,” reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly…
Banking Trojans Target Latin America and Europe Through Google Cloud Run
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. “The infection chains…
LockBit Ransomware Group Resurfaces After Law Enforcement Takedown
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to…
Authorities Claim LockBit Admin “LockBitSupp” Has Engaged with Law Enforcement
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, “has engaged with law enforcement,” authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as part of a…
Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies
Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. “Microsoft will automatically…
Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software…
How to Use Tines’s SOC Automation Capability Matrix
Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A customizable,…
Microsoft Releases PyRIT – A Red Teaming Tool for Generative AI
Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to “enable every organization across the globe to innovate responsibly…
Researchers Detail Apple’s Recent Zero-Click Shortcuts Vulnerability
Details have emerged about a now-patched high-severity security flaw in Apple’s Shortcuts app that could permit a shortcut to access sensitive information on the device without users’ consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January…
FTC Slams Avast with $16.5 Million Fine for Selling Users’ Browsing Data
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users’ browsing data to advertisers after claiming its products would block online tracking. In addition, the company has…
Apple Unveils PQ3 Protocol – Post-Quantum Encryption for iMessage
Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer. “With compromise-resilient encryption and extensive defenses against…
Russian Government Software Backdoored to Deploy Konni RAT Malware
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linked…
A New Age of Hacktivism
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed…
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. “SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network,” Sysdig researcher Miguel…
U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. “Since…
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers
Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted…