Jun 02, 2023Ravie LakshmananBotnet / Malware Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. "Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim's mailbox," … [Read more...]
The Importance of Managing Your Data Security Posture
Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do you manage it? Data security posture management (DSPM) became mainstream following the publication of … [Read more...]
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
Jun 02, 2023Ravie LakshmananMalware / Cyber Threat The Chinese nation-stage group known as Camaro Dragon has been linked to yet another backdoor that's designed to meet its intelligence-gathering goals. Israeli cybersecurity firm Check Point, which dubbed the Go-based malware TinyNote, said it functions as a first-stage payload capable of "basic machine enumeration and command execution via … [Read more...]
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks
Jun 02, 2023Ravie LakshmananCyber Espionage / APT U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors' use of social engineering tactics to strike think tanks, academia, and news media sectors. The "sustained information gathering efforts" have been attributed to a state-sponsored cluster dubbed Kimsuky, which is also known by the names APT43, … [Read more...]
MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
Jun 02, 2023Ravie Lakshmanan Zero-Day / Vulnerability A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential … [Read more...]
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks
Jun 01, 2023Ravie LakshmananCyber Threat / Network Security An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs said in a … [Read more...]
New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware
Jun 01, 2023Ravie LakshmananMobile Security / APT A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the … [Read more...]
Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin
Jun 01, 2023Ravie LakshmananCybercrime / Malware Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest … [Read more...]
Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
Jun 01, 2023Ravie LakshmananProgramming / Supply Chain Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. "It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed," ReversingLabs analyst Karlo Zanki … [Read more...]
How Wazuh Improves IT Hygiene for Cyber Security Resilience
IT hygiene is a security best practice that ensures that digital assets in an organization's environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment. As technology advances and the tools used by … [Read more...]
Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics
Jun 01, 2023Ravie LakshmananEndpoint Security / Encryption The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade … [Read more...]
N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT
Jun 01, 2023Ravie LakshmananCyber Threat / Malware Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, … [Read more...]
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
Jun 01, 2023Ravie LakshmananNetwork Security / Exploit The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different … [Read more...]
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
Jun 01, 2023Ravie LakshmananWebsite Security / WordPress WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that's installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012. "This vulnerability could be used by … [Read more...]
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
May 31, 2023Ravie LakshmananServer Security / Cryptocurrency A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for "/nifi" on May 19, 2023. "Persistence is … [Read more...]
Critical Firmware Backdoor in Gigabyte Systems Exposes ~7 Million Devices
May 31, 2023Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and … [Read more...]
Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
May 31, 2023Ravie LakshmananData protection / Cyber Threat Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources "ghost sites." "When these Communities are no longer needed, … [Read more...]
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
May 31, 2023Ravie LakshmananEndpoint Security / Vulnerability Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called … [Read more...]
6 Steps to Effective Threat Hunting: Safeguard Critical Assets and Fight Cybercrime
May 31, 2023The Hacker NewsThreat Hunting / Cybersecurity Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars. Consider this staggering statistic. Cybersecurity Ventures estimates that … [Read more...]
Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
May 31, 2023Ravie LakshmananAdvanced Persistent Threat The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew's continued focus … [Read more...]
- 1
- 2
- 3
- …
- 27
- Next Page »