

CSO
North Korean hackers mix code from proven malware campaigns to avoid detection
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
Bleeping Computer
Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.
Cyber Security News
SysJoker malware, a multi-platform backdoor with several variants for Windows, Linux, and Mac, has been observed being used by a Hamas-affiliated APT to target Israel. This malware was first identified by Intezer in 2021 and was recently used in targeted attacks. Checkpoint researchers disclosed the malware’s growth, variations in the intricacy of its execution flow, and […]
The Record
Cybersecurity companies Check Point and Intezer analyzed what appears to be a rewrite of backdoor malware that targeted Israel's education sector as early as 2021.
Bleeping Computer
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Researchers reported that a Hamas-linked APT group is using a rust-based SysJoker backdoor against Israeli entities.
Cyber Security News
10 vulnerabilities are patched, including six 'High Severity' issues and two moderate and low severity issues.
CyberNews
Nassau Bay has admitted to having suffered a ransomware attack, leaving more than 8,000 affected.
Bleeping Computer
Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.
Infosecurity News
Identified as CVE-2023-46604, the vulnerability has a CVSS score of 9.8
The Hacker News
🔒 Multiple vulnerabilities found in laptop fingerprint sensors—allowing attackers to bypass Windows Hello authentication on Dell, Lenovo, and Microso
The Hacker News
North Korean hackers posing as recruiters infect software developers with cross-platform malware.
Security Affairs
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
The Hacker News
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
DarkReading
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
Bleeping Computer
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
DarkReading
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
Cyber Security News
Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.
Bleeping Computer
Malwarebytes is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount to the Malwarebytes Premium + Privacy VPN bundle until November 30th.
Cyber Security News
Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.
The Hacker News
The Kinsing threat actors are exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency mi
Bleeping Computer
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Trend Micro
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Ars Technica
Group tells SEC that the victim is in violation for not reporting it was hacked.
Bleeping Computer
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
Cyber Security News
Google Chrome Stable Channel Update for Desktop version 119.0.6.45.159 for Mac and Linux and 119.0.6045.159/.160 for Windows.
Cyber Security News
This new vulnerability is based on 3 main things of Kubernetes such as Windows nodes Kubernetes, in-tree plugins, CSI, & persistent volumes.
Cyber Security News
Wireshark is a popular open-source network protocol analyzer that is primarily used by security experts and network administrators.
CSO
New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Noname Security, and more.
The Hacker News
U.S. Government Dismantles Global IPStorm Botnet Network! From Windows to Linux, Mac, and Android, the botnet turned infected devices into proxies for
Cyber Security News
The FBI has achieved a remarkable feat in the fight against cybercrime, dismantling the infamous IPStorm botnet network.
SecurityWeek
US government announces the takedown of the IPStorm proxy service botnet and the guilty plea of its creator, a Russian/Moldovan national.
Security Affairs
The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm.
Infosecurity News
Russian-Moldovan national faces maximum 30-year jail stretch
CyberNews
FBI dismantled IPStorm botnet; its Russian-Moldovan operator pleaded guilty.
The Hacker News
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
Bleeping Computer
The U.S. Department of Justice announced today that the Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm.
Bleeping Computer
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.
Bleeping Computer
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
Cyber Security News
Metasploit is an open-source penetration testing framework created by Rapid7 that enables security professionals to simulate attacks against computer systems, networks, and applications.
SecurityWeek
Researchers warn attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching distributed DDoS attacks.
The Hacker News
Publicly-accessible Docker Engine API instances are under attack! Threat actors aim to create a DDoS botnet called OracleIV.
The Record
The leading cybersecurity agencies in the U.S. released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand.
The Record
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation.
Bleeping Computer
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
Bleeping Computer
Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems.
Latest Hacking News
Researchers spotted a couple of security vulnerabilities in PureVPN Desktop clients for Linux that impact users’ privacy. While PureVPN patched one flaw, another RCE vulnerability remains unpatched. Numerous PureVPN Vulnerabilities Affected Linux Clients Security researchers Rafay Baloch
Cyber Security News
The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.
The Hacker News
Researchers warn of BiBi-Windows Wiper, a dangerous Windows version of a wiper malware used in cyber attacks on Israel.
Cyber Security News
Best Free Digital Forensic Tools: 1. Sleuth Kit (+Autopsy) 2. Forensic Investigator 3. Autopsy 4. Dumpzilla 5. X-Ways Forensics.
Cyber Security News
Developers at PortSwigger released a new version of Burp Suite for ethical hackers and security professionals, which is Burp Suite 2023.10.3.4.
SecurityWeek
EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying.
Cyber Security News
SideCopy, the Pakistani-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities.
Trend Micro
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
DarkReading
Checkmarx researchers warn that BlazeStealer can exfiltrate information, steal passwords, disable PCs, and take over webcams.
CyberNews
Google, Microsoft, and Meta founded a steering committee to improve app security through a newly restructured App Defense Alliance.
Cyber Security News
Google Calendar RAT is a proof of concept for Command & Control. It's useful when setting up a full red teaming infrastructure.
Bleeping Computer
Signal is now testing public usernames that allow users to conceal the phone numbers linked to their accounts while communicating with others.
Infosecurity News
A proposed amendment of eIDAS could “weaken the security of the Internet as a whole”, said a letter signed by over 500 individuals and organizations
The Hacker News
BlueNoroff, linked to North Korea's Lazarus Group, is behind a new macOS malware called ObjCShellz.
The Hacker News
Pakistani threat actor SideCopy exploiting recent WinRAR vulnerability in attacks on Indian government entities.
DarkReading
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
Bleeping Computer
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.
Bleeping Computer
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously exploited as a zero-day.
The Hacker News
U.S. Treasury imposes sanctions on Russian woman for laundering virtual currency for elites and cybercriminal groups, including Ryuk ransomware.
Cyber Security News
Welcome to Cyber Writes' weekly publication - the Threat and Vulnerability Roundup! Get ready to dive into the latest and greatest in cybersecurity, as we bring you the most up-to-date information each week.
The Hacker News
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
Bleeping Computer
Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise.
The Hacker News
Kinsing threat actors spotted exploiting the Linux flaw "Looney Tunables" to breach cloud environments. Learn how they're broadening their attacks.
Cyber Security News
Apache ActiveMQ servers exposed to the internet are at risk due to a critical remote code execution (RCE) vulnerability.
Bleeping Computer
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
Ars Technica
No cure yet for a popular iPhone attack, except for turning off Bluetooth.
Infosecurity News
The OWASP Foundation has released a call to action ahead of the UK’s AI Safety Summit
Cyber Security News
Google has released Chrome 119 to the stable channel for Windows, Mac, and Linux, along with 15 security patches.
The Record
More than 100 of the world’s most respected cybersecurity experts have written to European Union lawmakers to warn that a proposed legal reform that may soon become law could fundamentally undermine security online.
Bleeping Computer
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack.
Infosecurity News
The intrusion, tracked as REF7001 by Elastic Security Labs, uses custom and open source capabilities
SecurityWeek
Chrome 119 is rolling out to Linux, macOS, and Windows devices with patches for over a dozen vulnerabilities.
Bleeping Computer
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
Bleeping Computer
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
Bleeping Computer
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies.
The Hacker News
Pro-Hamas hacktivist group using a new Linux-based malware, BiBi-Linux Wiper, to target Israeli entities amid ongoing conflict.
Bleeping Computer
Microsoft says Windows 11 22H2 now natively supports almost a dozen additional archive formats, including RAR, 7-Zip, Tar, and GZ archives.
Ars Technica
Octo Tempest employs tactics that many of its targets aren't prepared for.
SecurityWeek
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.
Bleeping Computer
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.
Cyber Security News
As part of a security update for Chrome, Google has upgraded the Stable channels to 118.0.5993.117 for Mac and Linux and 118.0.5993.117/.118 for Windows.
Bleeping Computer
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
The Hacker News
New research reveals how the zero-day financial criminal group Scattered Spider leverages sophisticated phishing, SIM swapping, and help desk fraud ta
DarkReading
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.
SecurityWeek
Firefox and Chrome updates released this week resolve multiple high-severity memory safety vulnerabilities.
Bleeping Computer
French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club.
Ars Technica
Researchers say "most transparent" AI model scores only 54% on their index.
The Hacker News
Discover the latest cyber threat: DoNot Team's Firebird backdoor targeting Pakistan and Afghanistan.
Bleeping Computer
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation.
SecurityWeek
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
Cyber Security News
The BlackCat ransomware operators have demonstrated ongoing adaptation and innovation in their malicious activities.
CyberSecurity Dive
State-linked actors are targeting the CI/CD platform, and the vendor warns backdoors are lingering undetected.
Bleeping Computer
The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily.
Cyber Security News
Jupyter Notebooks that are exposed to the internet are targeted by a crypto jacking campaign called Qubit Strike, discovered by Cado Security Labs.
Bleeping Computer
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
Cyber Security News
Best Unified Network Security Solutions for Small Businesses. 1. Perimeter 81, 2. Snort, 3. OSSEC, 4. Wireshark, 5. Burp Suite, 6. Splunk.
The Hacker News
Korean hacking group Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data an
The Hacker News
Hackers seek vulnerabilities and attack paths. Discover 7 real-life scenarios where exposure management made the difference in safeguarding critical a
The Hacker News
A new cyber threat emerges! Discover how Qubitstrike, linked to Tunisia, targets Jupyter Notebooks for crypto mining and cloud breaches.
SecurityWeek
Oracle on Tuesday released 387 new security patches that address 185 vulnerabilities in its code and third-party components.
Bleeping Computer
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
Cyber Security News
Multiple vulnerabilities have been discovered in Titan MFT and Titan SFTP servers owned by South River Technologies.
The Record
As Russia’s war with Ukraine drags on, the Kremlin has doubled down on its efforts to take control of the internet on its own turf.
Bleeping Computer
The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023.
Bleeping Computer
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.
Bleeping Computer
Ubuntu, the most popular Linux distribution, has pulled its Desktop release 23.10 after its Ukrainian translations were discovered to contain hate speech. According to the Ubuntu project, a malicious contributor is behind anti-Semitic, homophobic, and xenophobic slurs that were injected into the distro via a "third party tool."
DarkReading
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.
DarkReading
The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach.
The Hacker News
The FBI and CISA issue advisory on AvosLocker ransomware gang. They use open-source tools, leave minimal traces.
Bleeping Computer
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts.
Cyber Security News
As part of a security update for Chrome, Google has upgraded the Stable channels to 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows.
The Hacker News
Ever heard of an IP address in hexadecimal notation? It's the latest disguise hackers use to deploy DDoS malware on Linux systems.
CyberScoop
The flaw in the widely used open source software package was expected to be the next great catastrophe in computer security.
Ars Technica
Yet another tiny, crucial piece of volunteer software begets a big problem.
SecurityWeek
Citrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway.
The Hacker News
Over 17,000 WordPress sites hit by Balada Injector malware in Sept 2023, double the August numbers
SecurityWeek
Google has released Chrome 118 to the stable channel with patches for 20 vulnerabilities, including one rated ‘critical severity’.
SecurityWeek
Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.
The Hacker News
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
The Record
A Mirai-based malware botnet has expanded its payload arsenal to aggressively target routers and other internet-facing devices, researchers have discovered.
Bleeping Computer
A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.
Bleeping Computer
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
Infosecurity News
FortiGuard Labs said the new campaign incorporates 13 distinct payloads
Bleeping Computer
Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed.
DarkReading
An unprecedented collaboration by various APTs within the DPRK makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.
SecurityWeek
Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices.
SecurityWeek
A one-click exploit targeting the Libcue component of the GNOME desktop environment could pose a serious threat to Linux systems.
The Hacker News
Heads up, Linux users! A new critical vulnerability in the libcue library exposes GNOME Linux systems to remote code execution (RCE) attacks.
The Hacker News
Hackers are exploiting the CVE-2023-3519 vulnerability in Citrix NetScaler devices for credential harvesting attacks.
Bleeping Computer
A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on GNOME Linux systems.
DarkReading
Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.
Bleeping Computer
Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins.
Bleeping Computer
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.
SecurityWeek
Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM).
Cyber Security News
DevOps refers to a collection of processes and technologies used in software development and IT operations that reduce the system development life cycle and enable continuous delivery.
Bleeping Computer
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
Cyber Security News
Cybersecurity researchers at SOCRadar recently reported about an open-source botnet, Supershell, that obtains SSH shell access.
Infosecurity News
Qualys identified and exploited the vulnerability in Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13
SecurityWeek
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
Trend Micro
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
Bleeping Computer
Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks.
SecurityWeek
A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges.
The Hacker News
New Linux vulnerability (CVE-2023-4911) named Looney Tunables found in the GNU C library's dynamic loader. Exploitation could lead to root privileges.
Bleeping Computer
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.
SecurityWeek
ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies.
The Hacker News
Learn how Security Configuration Assessment (SCA) can help identify vulnerabilities and minimize attack surfaces.
SecurityWeek
Companies have addressed the impact of the exploited Libwebp vulnerability CVE-2023-4863 on their products.
The Record
The British semiconductor designer Arm and U.S. chip manufacturer Qualcomm issued separate warnings Monday that hackers are likely exploiting multiple vulnerabilities in their graphics processing units (GPUs).
Ars Technica
Vulnerability allows attackers to tamper with data stored in device memory.
Bleeping Computer
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server.
Latest Hacking News
Heads up, Chrome users! Google has just released a major security update for its Chrome browser as it patched an actively exploited zero-day. All Chrome desktop users must rush to update their systems to avoid
Bleeping Computer
The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors.
Bleeping Computer
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed.
Bleeping Computer
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
The Hacker News
North Korea's Lazarus Group targets Spanish aerospace company in a cyber espionage attack.
DarkReading
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
CyberSecurity Dive
The manufacturer of industrial control systems, security systems and HVAC equipment, said it’s still assessing what information was impacted.
Bleeping Computer
A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia using a new variant of its custom 'SysUpdate' backdoor.
Cyber Security News
Google Chrome version 117.0.5938.132 for Windows, Mac, and Linux has been set to release with multiple bug fixes and features.
The Hacker News
Budworm, a China-linked group, strikes again with updated malware tools, targeting government and telecom entities.
Infosecurity News
It’s the fifth zero-day to be fixed this year
SecurityWeek
Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor.
The Hacker News
Google has released a Chrome update to patch a new high-severity zero-day vulnerability (CVE-2023-5217) that is being exploited in the wild.
CSO
A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities.
Bleeping Computer
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today.
Bleeping Computer
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT.
DarkReading
Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.
Cyber Security News
A new malware called ZenRAT has been discovered. This malware is being spread via fraudulent download packages disguised as Bitwarden installations.
Cyber Security News
BlackTech APT Hackers active since 2010, known for attacking government, industrial, technology, media, electronics, telecommunication, and military sectors.
Cyber Security News
Google released a security fix for a critical vulnerability that affected Google Chrome for Windows, macOS, and Linux.
SecurityWeek
Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub.
The Hacker News
⚠️ Beware of ZenRAT! This new modular malware strain targets Windows users through trojanized Bitwarden installers.
The Record
Initial alerts about a bug in the obscure but widely used libwebp library have expanded into concerns that it affects not only web browsers like Chrome, but also many other common pieces of software.
The Hacker News
Cyber experts uncover a new threat: ShadowSyndicate. Explore their connections to ransomware and the latest findings from cybersecurity experts.
Latest Hacking News
Continuing its efforts for users’ account security, GitHub takes another step as it releases passkey authentication for all its users. With passkeys, GitHub encourages users to switch to passwordless sign-ins to avoid credential breaches. GitHub Passkey
DarkReading
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
The Hacker News
🚨 Attention users! Apple issues patches for 3 new critical zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari.
Trend Micro
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
The Record
The Monti ransomware gang took credit for the attack, claiming to have stolen 60 gigabytes of data from the university and giving them a deadline of October 9 to pay an undisclosed ransom.
Ars Technica
No one mentioned that libwebp, a library found in millions of apps, was a 0-day origin.
DarkReading
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
The Hacker News
"Free Download Manager" software site was breached in 2020, and a Ukrainian hacker group distributed malware.
Bleeping Computer
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.
Bleeping Computer
The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack.
Bleeping Computer
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
DarkReading
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.
Infosecurity News
The new backdoor is being used by Earth Lusca to conduct cyber-espionage campaigns, primarily against governments in Asia and the Balkans
The Hacker News
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
The Hacker News
Suspected Pakistani group, Transparent Tribe, evolves tactics! Using fake YouTube apps to spread CapraRAT trojan, targeting Indian entities.
Ars Technica
SprySOCKS borrows from open source Windows malware and adds new tricks.
Bleeping Computer
Microsoft has released Windows Subsystem for Linux (WSL) 2.0.0 with a set of new opt-in experimental features, including a new network mode and automated memory and disk size cleanup.