-1.webp)
Cyber Security News
APT Hackers Behind SysJoker Attacking Critical Industrial Sectors
SysJoker malware was initially discovered to be used by the APT group dubbed "WildCard" and was targeting the educational sector of Israel.
CSO
North Korean hackers mix code from proven malware campaigns to avoid detection
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
Infosecurity News
SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Latest Hacking News
Konni RAT Malware Campaign Spreads Via Malicious Word Files
Researchers caught a new campaign from the notorious Konni RAT malware exploiting malicious Word files. The threat actors distribute the malware via malicious macros embedded in Word files that infect the target systems. Konni RAT Malware
SecurityWeek
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
CyberScoop
Shadowy hacking group targeting Israel shows outsized capabilities
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
-1.webp)
Cyber Security News
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive
SysJoker malware, a multi-platform backdoor with several variants for Windows, Linux, and Mac, has been observed being used by a Hamas-affiliated APT to target Israel. This malware was first identified by Intezer in 2021 and was recently used in targeted attacks. Checkpoint researchers disclosed the malware’s growth, variations in the intricacy of its execution flow, and […]
The Record
Suspected Hamas-linked hackers target Israel with new version of SysJoker malware
Cybersecurity companies Check Point and Intezer analyzed what appears to be a rewrite of backdoor malware that targeted Israel's education sector as early as 2021.
Bleeping Computer
New Rust-based SysJoker backdoor linked to Hamas hackers
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Security Affairs
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
Researchers reported that a Hamas-linked APT group is using a rust-based SysJoker backdoor against Israeli entities.
Trend Micro
ParaSiteSnatcher How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Security Affairs
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
Bleeping Computer
CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
Cyber Security News
LummaC2 Employs Trigonometry to Track Mouse Movements
MaaS (Malware-as-a-Service) thrives as a top choice for new cyber threats, offering easy access to powerful tools. Threat actors primarily focus on information theft under Maas, specializing in stealing and leaking sensitive data from hacked devices.
The Hacker News
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.
Cyber Security News
Hackers Attacking Apache Web Servers to Install Coinminers
An attack campaign that installs XMRig Coinminer on Windows web servers that run on Apache has been discovered recently.
The Hacker News
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
China-linked Mustang Panda cyber actor targets Philippines government entity amid South China Sea tensions.
.webp)
Cyber Security News
LitterDrifter Powershell Worm Rapidly Spreads on USB Drives by Itself
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm), stands out in Russian espionage by exclusively targeting Ukrainian entities.
SecurityWeek
Russia's LitterDrifter USB Worm Spreads Beyond Ukraine
Russian Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.
The Hacker News
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
New LummaC2 malware uses trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Security Affairs
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
Ars Technica
Details emerge of surprise board coup that ousted CEO Sam Altman at OpenAI
Microsoft CEO Nadella "furious"; OpenAI President and three senior researchers resign.
The Hacker News
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are utilizing a variant of the Phobos ransomware for their attacks.
The Hacker News
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
SecurityWeek
Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
Bleeping Computer
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
SecurityWeek
Google Adds Passkey Support to New Titan Security Key
Google launches new Titan security key with passkey support, allowing users to store up to 250 unique passkeys.
CyberSecurity Dive
Clorox CISO departs months after cyberattack
The C-suite change comes in the aftermath of a cyberattack that damaged IT infrastructure, led to widespread disruption and negatively impacted earnings.
Cyber Security News
Wireshark 4.2.0 Released - What’s New!
Wireshark is a popular open-source network protocol analyzer that is primarily used by security experts and network administrators.
SecurityWeek
Data Security Firm ALTR Banks $25M Series C
Florida late-state startup ALTR gets another cash infusion to expand markets for data security technologies.
Bleeping Computer
Windows 11 KB5032190 update enables Moment 4 features for everyone
Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the "Get latest updates" toggle.
Cyber Security News
10 Best Network Security Companies For CISO - 2024
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
SecurityWeek
MySQL Servers, Docker Hosts Infected With DDoS Malware
Researchers warn attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching distributed DDoS attacks.
Cyber Security News
Stealc Malware Steals Passwords & Credit Cards From Chrome & Firefox
Cybersecurity researcher, Aziz Farghly recently discovered an infostealer, "Stealc." Plymouth has promoted Stealc, a new non-resident stealer
The Hacker News
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Publicly-accessible Docker Engine API instances are under attack! Threat actors aim to create a DDoS botnet called OracleIV.
The Hacker News
New Campaign Targets Middle East Governments with IronWind Malware
Government entities in the Middle East are under attack by a new phishing campaign employing the IronWind downloader.
The Hacker News
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
Vietnamese hackers behind Ducktail malware launch a new campaign targeting Indian marketing pros.
Trend Micro
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
Cyber Security News
SentinelOne Set to Acquire a Cybersecurity Consulting Firm, Krebs Stamos Group
In a strategic move aimed at addressing the escalating challenges posed by cyber threats in today's interconnected world, SentinelOne, a global leader in AI security, has unveiled the PinnacleOne Strategic Advisory Group.
The Hacker News
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Researchers warn of BiBi-Windows Wiper, a dangerous Windows version of a wiper malware used in cyber attacks on Israel.
Cyber Security News
MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability
SysAid disclosed a zero-day which was affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability.
Bleeping Computer
Hackers breach healthcare orgs via ScreenConnect remote access
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
CyberNews
Tech startup Bitwise founders charged in $100 million financial fraud scheme
The federal complaint charges the founders with conspiring to commit wire fraud and taking more than $100,000,000.
Cyber Security News
Hackers Weaponize PDF Files to Deliver Multiple Ransomware Variants
PDF files are commonly used for their versatility, making them a prime target for malware delivery because they can embed malicious scripts or links.
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Bleeping Computer
BlueNoroff hackers backdoor Macs with new ObjCShellz malware
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
Infosecurity News
New BlueNoroff Malware Variant Targets Cryptocurrency Exchanges
Jamf Threat Labs found a Mach-O universal binary communicating with an identified malicious domain
CyberNews
Kim’s cyber army has a new malware toy targeting Apple devices
A cybercrime group from North Korea was found to be using a new, fairly simple yet very functional malware that helps attackers commit financial crimes targeting MacOS.
The Hacker News
N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware
BlueNoroff, linked to North Korea's Lazarus Group, is behind a new macOS malware called ObjCShellz.
DarkReading
Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
The Hacker News
Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors
Iranian-linked Agonizing Serpens APT group using novel wiper malware and tactics to target Israeli education and tech sectors.
Cyber Security News
Hackers Spreading WhatsApp Spy Mods Via Telegram
WhatsApp mods are not officially supported by WhatsApp and can vary in popularity. Some users are attracted to them for extra features.
Cyber Security News
Threat and Vulnerability Roundup for the week of October 29th to November 4th
welcome to Cyber Writes' weekly publication - the Threat and Vulnerability Roundup! Get ready to dive into the latest and greatest in cybersecurity, as we bring you the most up-to-date information each week.
CyberSecurity Dive
Microsoft overhauls cyber strategy to finally embrace security by default
The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features.
Cyber Security News
3,000+ Apache ActiveMQ Servers Vulnerable to RCE Attacks
Apache ActiveMQ servers exposed to the internet are at risk due to a critical remote code execution (RCE) vulnerability.
Ars Technica
This tiny device is sending updated iPhones into a never-ending DoS loop
No cure yet for a popular iPhone attack, except for turning off Bluetooth.
DarkReading
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library
While Microsoft patched the issues in June, support for SketchUp appears to remain disabled in Microsoft 365.
-1.webp)
Cyber Security News
Iranian APT Group Utilize IIS-based Backdoors to Compromise Windows servers
A new threat actor who is found to be associated with Iran's Ministry of Intelligence and Security IIS conduct cyberespionage campaigns.
SecurityWeek
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks
Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East.
The Hacker News
Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East
Iranian threat actor "Scarred Manticore" has launched a year-long cyber espionage campaign targeting the Middle East finance, government, military.
Bleeping Computer
Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
The Hacker News
Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
Arid Viper, a cyber espionage group linked to Hamas, has been exposed for its Android spyware campaign disguised as a dating app.
Infosecurity News
Half of Execs Request Security Bypass Over Past Year
Ivanti highlights a “conduct gap” between actions and words
Infosecurity News
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
ISC2’s CEO says the c-suite appears to be more concerned with economic risk than cyber risk
Ars Technica
Windows CE, Microsoft’s stunted middle child, reaches end of support at 26 years
From netbooks and PDAs to ATMs, voting kiosks, and ungainly presidential phones.
CyberSecurity Dive
SEC charges SolarWinds, its CISO with fraud
The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.
The Hacker News
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware
Pro-Hamas hacktivist group using a new Linux-based malware, BiBi-Linux Wiper, to target Israeli entities amid ongoing conflict.
SecurityWeek
Proofpoint to Acquire Tessian for AI-Powered Email Security Tech
Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails.
The DFIR Report
Netsupport Intrusion Results in Domain Compromise - The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More
Bleeping Computer
New Hunters International ransomware possible rebrand of Hive
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag.
Cyber Security News
11 Best Cloud Access Security Broker Software (CASB) - 2023
Best Cloud Access Security Broker (CASB) Software: 1. DoControl CASB 2. Microsoft Cloud App Security 3. Forcepoint 4. Palo Alto Networks.
SecurityWeek
Advanced 'StripedFly' Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.
Infosecurity News
UK IT Pros Worried About C-Suite Training Gap Ahead of AI Safety Summi
93% of professionals express concerns about their company’s C-suite ambitions for generative AI
CSO
Businesses face “silent infiltration” of generative AI as use spirals out of control
Business leaders appear to have lost control over the deployment of generative AI despite just 28% of organizations expressly permitting its use.
Cyber Security News
QNAP Eliminates Server Responsible for Extensive Brute-force Attacks
On October 14, 2023, the company discovered a big wave of weak password attacks. Within 7 hours, the QNAP Product Security Incident Response Team (QNAP PSIRT) successfully blocked hundreds of zombie network IPs using QuFirewall, thereby defending several QNAP NAS devices that were exposed to the internet from further attack.
SecurityWeek
Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day
Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments.
Infosecurity News
AWS: Security Not a Priority For a Third of SMBs
Cloud giant debunks common misconceptions
SecurityWeek
Censys Banks $75M for Attack Surface Management Technology
Michigan startup raises $75 million in new funding as venture capital investors bet big on attack surface management technologies.
Bleeping Computer
European govt email servers hacked using Roundcube zero-day
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks.
The Hacker News
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
DarkReading
Meet Rhysida, a New Ransomware Strain That Deletes Itself
Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.
Bleeping Computer
Hackers backdoor Russian state, industrial orgs for data theft
Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations.
SecurityWeek
Stealth Techniques Used in 'Operation Triangulation' iOS Attack Dissected
Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks.
CSO
Hamas’ online infrastructure reveals ties to Iran, researchers say
An analysis from Recorded Future’s Insikt Group research unit offers insight into the online infrastructure used by Hamas, as well as its apparent links to the Iranian government.
Infosecurity News
QuasarRAT Deploys Advanced DLL Side-Loading Technique
Uptycs researchers said the technique exploits Microsoft files to execute malicious commands
SecurityWeek
Enterprise Browser Startup Island Banks $100M in Funding
Since 2020, Island has raised a total of $325 million to help protect corporate data flowing through SaaS and internal web applications.
Bleeping Computer
QNAP takes down server behind widespread brute-force attacks
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.
The Hacker News
DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan
Discover the latest cyber threat: DoNot Team's Firebird backdoor targeting Pakistan and Afghanistan.
Cyber Security News
Hackers Using Money-Making Scripts to Deliver Multiple Malware
The FBI warned about attacks on government and non-profit organizations in April, which involved deploying multiple malware strains on victim devices.
The Hacker News
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar
DLL side-loading, a tactic used by malicious actors, helps Quasar RAT and other malware evade detection, steal data.
The Record
Hamas likely cooperates with hackers to stay online
Researchers have discovered possible signs of cooperation between the Palestinian militant organization Hamas and one of the longest-running groups of Arabic-speaking hackers.
Cyber Security News
Iranian Crambus Actors Modify Windows Firewall Rules To Enable Remote Access
The Crambus espionage group, formally known as OilRig or APT34, has a lengthy history and a great deal of experience conducting prolonged attack.
Ars Technica
RIP to my 8-port Unifi switch after years and years of Texas outdoor temps
Turns out that only lightning could kill the otherwise-unkillable US-8-150W.
CyberScoop
Hamas-linked app offers window into cyber infrastructure, possible links to Iran
The administrators of a news site linked to Hamas have struggled to keep it online amid fighting with Israel.
Cyber Security News
Hackers Use Discord for C&C to Exploit Jupyter Notebooks & SSH
Jupyter Notebooks that are exposed to the internet are targeted by a crypto jacking campaign called Qubit Strike, discovered by Cado Security Labs.
SecurityWeek
CipherStash Raises $3 Million for Encryption-in-Use Technology
Australian startup ChipherStash raises $3 million in seed funding for technology that keeps data encrypted in use.
CSO
Most organizations globally have implemented zero trust
Zero-trust adoption is growing according to a recent report from Okta that found 61% of organizations have already implemented a zero-trust initiative.
SecurityWeek
Fraud Prevention Firm Fingerprint Raises $33 Million
Fingerprint has raised $33 million in a Series C funding round to expand presence into the enterprise market.
DarkReading
Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack
Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.
Trend Micro
Beware Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
The Hacker News
New PEAPOD Cyberattack Campaign Targeting Women Political Leaders
A new cyber campaign targets EU military & political leaders focusing on gender equality. The cyber collective behind it blurs lines between financial
CSO
Generative AI is scaring CISOs – but adoption isn’t slowing down
Including security concerns at the beginning of any generative AI adoption discussion is key, but meanwhile the good news is cybersecurity budgets for AI are rising.
Trend Micro
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
SecurityWeek
SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms
Venture capital firm SYN Ventures announces first closing of $75 million cybersecurity seed fund for US cybersecurity companies.
The Hacker News
Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
Security Advisory : Two major security flaws in the Curl data transfer library exposed.
Trend Micro
DarkGate Opens Organizations for Attack via Skype, Teams
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
SecurityWeek
ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws
ICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities.
Bleeping Computer
Windows 11 KB5031354 cumulative update released with new features
Microsoft has released the Windows 11 22H2 KB5031354 cumulative update to fix security vulnerabilities. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features provide you turn on the "Get latest updates" toggle
Bleeping Computer
Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
Cyber Security News
Hackers Exploiting Citrix NetScaler Vulnerability to Steal User Credentials
Threat actors were attacking unpatched NetScaler Gateways using the vulnerability classified as CVE-2023-3519, to inject malicious script.
Infosecurity News
Half of CISOs Now Report to CEO as Influence Grows
Trend is more pronounced in Europe than America
SecurityWeek
Magecart Web Skimmer Hides in 404 Error Pages
A newly identified Magecart web skimming campaign is tampering with ‘404’ error pages to hide malicious code.
CyberSecurity Dive
CISO salaries are up, but growth is slowing
Security budget growth scaled back this year amidst economic uncertainty, inflation and increased borrowing costs, which impacted funding for cyber talent, IANS found.
Bleeping Computer
GNOME Linux systems exposed to RCE attacks via file downloads
A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on GNOME Linux systems.
DarkReading
'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits
Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.
Cyber Security News
Snake Keylogger Steals victim Logins, Keystrokes, & Capture Screen
Snake Keylogger, a .NET infostealer malware, also known as 404 Keylogger, steals credentials, keystrokes, and screenshots, collects system info
SecurityWeek
Credential Harvesting Campaign Targets Unpatched NetScaler Instances
Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials.
Cyber Security News
Threat Actors Employ Remote Admin Tools to Gain Access over Corporate Networks
Cybersecurity researchers at CRIL (Cyble Research and Intelligence Labs) noted a campaign targeting Russian users, where threat actors created phishing sites mimicking restricted apps
Bleeping Computer
Bounty offered for secret NSA seeds behind NIST elliptic curves algo
A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them.
Latest Hacking News
EvilProxy Phishing Targets Microsoft 365 Accounts Via Indeed.com Redirects
Researchers have found a new EvilProxy phishing campaign that targets Microsoft 365 accounts. To trick users, the threat actors exploit the open redirects from Indeed.com website. Users need to remain vigilant with interacting with job
SecurityWeek
Android Devices With Backdoored Firmware Found in US Schools
Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, Human Security warns.
Bleeping Computer
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
Infosecurity News
Critical Glibc Bug Puts Linux Distributions at Risk
Qualys identified and exploited the vulnerability in Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13
SecurityWeek
Qakbot Hackers Continue to Push Malware After Takedown Attempt
Qakbot cybercriminals continue to push malware, which shows they are still operational after the recent takedown attempt.
The Hacker News
Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack
ESET discovers a targeted cyber-espionage campaign in Guyana.
Cyber Security News
EvilProxy Attacking Microsoft 365 Users Abusing Open Redirection With Indeed.com
This campaign, which started in July and continued into August, employed a sophisticated phishing kit known as 'EvilProxy.'
CyberSecurity Dive
CISA pivots focus to China-linked threats against critical infrastructure
The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.
CSO
Organizations grapple with detection and response despite rising security budgets
About 76% of CISOs said their organizations take an average of six months or longer to detect and respond to an incident, according to an EY study.
The Record
Suspected China-linked hackers target Guyana government with new backdoor
A cyber espionage campaign has been targeting government agencies in Guyana with a previously undocumented backdoor used to harvest sensitive information, according to new research.
Trend Micro
Exposing Infection Techniques Across Supply Chains and Codebases
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
DarkReading
Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy
It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.
Infosecurity News
EvilProxy Phishing Attack Strikes Indeed, Targets Executives
Menlo Labs brought this discovery to light in an advisory published on Tuesday
SecurityWeek
Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions
A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges.
The Hacker News
Wing Disrupts the Market by Introducing Affordable SaaS Security
Wing Security's newest tier redefines SaaS security essentials! For just $1,500/year, unlock shadow IT discovery, automated risk assessments, and user
The Hacker News
Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
⚠️ Watch out, developers! A rogue rootkit named r77 has been found in a deceptive npm package. This is the first-ever case of a package delivering a r
The Hacker News
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
New Linux vulnerability (CVE-2023-4911) named Looney Tunables found in the GNU C library's dynamic loader. Exploitation could lead to root privileges.
CyberSecurity Dive
Threats in cloud top list of executive cyber concerns, PwC finds
Lack of tech talent is a contributing factor, as more than 2 in 5 executives grapple with in-house skills gaps.
Ars Technica
Active attacks exploiting WS_FTP pose a grave threat to the Internet
Will attacks be as big as those targeting MOVEit? Maybe not, but they still can be plenty bad.
Bleeping Computer
New 'Looney Tunables' Linux bug gives root on major distros
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.
SecurityWeek
US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks.
Bleeping Computer
Microsoft Defender no longer flags Tor Browser as malware
For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender.
CyberSecurity Dive
C-suite leaders to boost cybersecurity compliance amid SEC disclosure rule: Deloitte
Almost two-thirds of corporate executives plan to strengthen their respective programs, and push third-party vendors to take similar measures as new incident reporting rules begin.
DarkReading
North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org
The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.
Cyber Security News
New Android Banking Malware Pose as Government App to Target Users
In the cybercrime landscape, researchers at Securelist have also reported on new Lumma stealer and Zanubis Android banking malware versions.
Infosecurity News
BunnyLoader Malware Targets Browsers and Cryptocurrency
Coded in C/C++, the tool is a fileless loader that conducts malicious activities in memory
-1.webp)
Cyber Security News
BunnyLoader: New Malware-as-a-Service (MaaS) Under Rapid Development
A new malware-as-a-service (MaaS) loader under the name “BunnyLoader” has been discovered to be sold in multiple hacking forums.
The Hacker News
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
BunnyLoader, the latest malware-as-a-service, is up for sale in the dark web. It can steal your data, replace your crypto address
The Hacker News
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Iranian cyber group OilRig strikes again with spear-phishing campaign, deploying a new Menorah malware for cyberespionage.
Bleeping Computer
Lazarus hackers breach aerospace firm with new LightlessCan malware
The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor.
Trend Micro
APT34 Deploys Phishing Attack With New Malware
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
Ars Technica
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day
If your software package involves VP8 video encoding, it's likely vulnerable to attack.
The Hacker News
China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
BlackTech, a notorious state-backed hackers from China, are using router backdoors to quietly to breach government, tech, and media sectors in the U.S
CSO
New Trojan ZenRAT masquerades as Bitwarden password manager
A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities.
Cyber Security News
HiddenGh0st Malware Attacking MS-SQL & MySQL Servers
A remote control malware called Gh0st RAT, which is popular with Chinese threat actors and has publicly available source code was created by China's C. Rufus Security Team.
The Hacker News
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
Beware of AtlasCross! They're using Red Cross-themed phishing to deploy sneaky backdoors.
CyberSecurity Dive
Cisco’s big bet on Splunk accelerates market shifts
The AI-equipped SIEM and observability market isn’t Cisco’s for the taking, as opportunities abound for other vendors to claim share.
Cyber Security News
Exela Stealer Attacking Discord Users to Steal Login Credentials
Cybersecurity researchers at Cyble Research and Intelligence (CRIL) discovered the 'Exela-V2.0-main.rar' zip file on September 14th, revealing a new 'Exela' stealer.
Bleeping Computer
Windows 11 KB5030310 preview update released with 26 fixes
Microsoft has released the September 2023 preview update for Windows 11, version 22H2, which adds frequently visited websites to the Start menu and addresses 24 issues.
Bleeping Computer
Windows 11 KB5030310 update adds recommended websites, fixes 24 issues
Microsoft has released the September 2023 preview update for Windows 11, version 22H2, which adds frequently visited websites to the Start menu and addresses 24 issues.
Bleeping Computer
New AtlasCross hackers use American Red Cross as phishing lure
A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.
Bleeping Computer
Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
SecurityWeek
UAE-Linked APT Targets Middle East Government With New 'Deadglyph' Backdoor
UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East.
Infosecurity News
CISA Publishes Hardware Bill of Materials Framework
Agency says it will help firms better manage supply chain risk
SecurityWeek
Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
A stealthy APT known as Gelsemium has been observed targeting a government entity in Southeast Asia for intelligence collection.
The DFIR Report
From ScreenConnect to Hive Ransomware in 61 hours - The DFIR Report
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such … Read More
CyberSecurity Dive
CISA urges use of memory safe code in software development
Unsafe programming languages, like C and C++, account for more than 70% of security vulnerabilities.
The Hacker News
Iranian Nation-State Actor OilRig Targets Israeli Organizations
OilRig, Iran's state-backed actor, aims at Israeli entities with spear-phishing tactics. Learn about the Outer Space and Juicy Mix campaigns.
Trend Micro
Examining the Activities of the Turla APT Group
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
Bleeping Computer
Microsoft Copilot rolls out with Windows 11 22H2 update next week
Microsoft will start rolling out its Copilot digital assistant to all customers next week, on September 26th, together with a host of new AI-powered capabilities as part of a new Windows 11 22H2 update.
SecurityWeek
Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
FBI and CISA are warning critical infrastructure organizations of ongoing Snatch ransomware attacks, which also involve data exfiltration.
Bleeping Computer
P2PInfect botnet activity surges 600x with stealthier malware variants
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.
Infosecurity News
#mWISE: US to Implement Game-Changing Cyber Mandates on Medical Device
A new legal requirement for medical devices in the US will introduce the first-ever SBOM mandate for the consumer market
Ars Technica
The Signal Protocol used by 1+ billion people is getting a post-quantum makeover
Update prepares for the inevitable fall of today's cryptographic protocols.
The Hacker News
Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
Chinese-language speakers under attack! Multiple email phishing campaigns are distributing dangerous malware, including ValleyRAT.
CSO
Skyhawk Security ranks accuracy of LLM cyberthreat predictions
Generative AI benchmark evaluates the ability of large language models to identify and score cybersecurity threats within cloud logs and telemetries.
Trend Micro
Attacks on 5G Infrastructure From Users’ Devices
Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.
Infosecurity News
Chinese Group Exploiting Linux Backdoor to Target Governments
The new backdoor is being used by Earth Lusca to conduct cyber-espionage campaigns, primarily against governments in Asia and the Balkans
The Hacker News
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
CyberSecurity Dive
SEC cyber disclosure rules: What’s the role of the CIO?
CIOs are on the front lines of managing the IT estate, making them a critical part of rapid incident response.
Cyber Security News
Best Software Defined Perimeter (SDP) Tools in 2023
Best Software Define Perimeter Tools & Software : 1. Perimeter 81 SDP 2. Good Access 3. Twingate SDP 4. NetMotion SDP 5. Appgate SDP and more.
Infosecurity News
TikTok Fined $368m For Child Data Privacy Offenses
Chinese social media giant broke GDPR several times over
Trend Micro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
Bleeping Computer
TikTok slapped with $368 million fine over child privacy violations
The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data.
The Hacker News
DDoS 2.0: IoT Sparks New DDoS Alert
IoT devices are transforming efficiency, but they're vulnerable to DDoS attacks. Discover the unique challenges and defenses in our latest article
%20Penetration%20Testing%20(1).webp)
Cyber Security News
Point Of Sale Device (POS) Penetration Testing - A Practical Guide 2023
Penetration testing of point-of-sale (POS) devices is essential to ensure the security of payment systems and protect sensitive customer data
Bleeping Computer
Windows 11 Snipping Tool gets OCR support to copy text from images
Microsoft has added text recognition support to the latest Snipping Tool build, allowing users to select and copy text from screenshots.
The Hacker News
N-Able's Take Control Agent Vulnerability Exposes Windows Systems
A high-severity Time-of-Check to Time-of-Use (TOCTOU) (CVE-2023-27470) in N-Able's Take Control Agent could give hackers SYSTEM privileges.
SecurityWeek
How Next-Gen Threats Are Taking a Page From APTs
Cybersecurity teams must integrate their security technologies to defend networks against the evolution of advanced persistent threats (APTs)
SecurityWeek
SecurityWeek to Host Cyber AI & Automation Summit
Cyber AI Summit will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use.
Trend Micro
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
CSO
Code Intelligence unveils new LLM-powered software security testing solution
CI Spark automates the generation of fuzz tests and uses LLMs to automatically identify attack surfaces and suggest test code.
SecurityWeek
Iranian Cyberspies Deployed New Backdoor to 34 Organizations
Iran-linked cyberespionage group Charming Kitten has infected at least 34 victims in Brazil, Israel, and UAE with a new backdoor.
SecurityWeek
ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products
ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory.
SecurityWeek
China-Linked 'Redfly' Group Targeted Power Grid
Symantec warns that the Redfly APT appears to be focusing exclusively on targeting critical national infrastructure organizations.
Cyber Security News
Loda Malware Attack Windows To Control RDP, Spread Malware, And Log User Inputs
Threat actors have been actively employing Loda, a remote access trojan (RAT) developed in AutoIT, to attack Windows and gain RDP access
The Record
New backdoor tool spotted in use against targets in Brazil, Israel, UAE
The hacker group labeled Ballistic Bobcat, also known as Charming Kitten, deployed the malware at least 34 victims, ESET said. The researchers are calling the backdoor Sponsor.
Cyber Security News
Weaponized Telegram App Infected Over 60K Android Users
several Telegram mods on Google Play in various languages (traditional Chinese, simplified Chinese, and Uighur), claiming to be the fastest apps with a global network of data centers.