New Zero-Day Vulnerability CVE-2014-1776 Affects all Versions of Internet Explorer Browser

Microsoft confirmed a new Zero Day critical vulnerability in its browser Internet Explorer. Flaw affects all versions of Internet Explorer, starting with IE version 6 and including IE version 11. In a Security Advisory 2963983 released yesterday, Microsoft acknowledges a zero-day Internet Explore...

Oracle Patches Java Zero Day Vulnerability

Oracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits and attacks have already been seen i...

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies...

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

More than 140,000 phishing websites have been found linked to a phishing-as-a-service PhaaS platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin pan...

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers CRQCs. "Chrome will offer a key share prediction for hybrid ML-KEM codepoint 0x11EC," David...

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being...

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities...

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 CVSS score: 9.3, a critical SQL...

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and writ...

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile EPMM and MobileIron Core to its Known Exploited Vulnerabilities KEV catalog, stating it's being actively exploited in the wild. The vulnerability i...

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 CVSS score: 7.8 - Memory corruption in DSP Services during a remote call fro...

6 Steps to Accelerate Cybersecurity Incident Response

Modern security tools continue to improve in their ability to defend organizations' networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That's why it's...

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-brand mobile and...

Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the...

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a he...

Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer's corporate account. This enabled the adversary to access a debugging environment that contained informatio...

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services AWS that allows the AWS Systems Manager Agent SSM Agent to be run as a remote access trojan on Windows and Linux environments "The SSM agent, a legitimate tool used by admins to manage their...

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center ASEC, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on...

Dark Pink APT Group Targets Governments and Military in APAC Region

Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown advanced persistent threat APT actor, per latest research conducted by Albert Priego of Group-IB The Singapore-headquartered company, in a report shared with The Hacker News, said it's...

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 CVSS score: 9.8, the shortcoming could be trivially abused by a malicious actor without any...

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service DoS. The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol MS-EVEN, which enables...

Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government

A former U.S. National Security Agency NSA employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation FBI. Jareh Sebastian Dalke, 30, was employed at the NSA for less tha...

Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday released an industrial control systems ICS advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation...

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection SQLi vulnerability affecting its Analytics On-Prem and Global Management System GMS products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and...

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a...

15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks

A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over...

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions...

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager RCM for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 CVSS scor...

Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique

Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malwar...

Hackers Breached Colonial Pipeline Using Compromised VPN Password

The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network VPN account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomber...

Hackers Using Fake Foundations to Target Uyghur Minority in China

The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creatin...

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks...

Experts Uncover Malware Attacks Against Colombian Government and Companies

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubb...

4 Free Online Cyber Security Testing Tools For 2021

Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of...

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of...

Microsoft and Other Tech Companies Take Down TrickBot Botnet

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit,...

New PIN Verification Bypass Flaw Affects Visa Contactless Payments

Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered an authentication flaw in the company's EMV enabled payment cards that permits cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The...

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by...

Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified...

Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset

Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers...

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...

Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS

Almost within a year after releasing Microsoft Defender Advanced Threat Protection ATP for macOS computers, Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian. If this news hasn't gotten you excited yet...

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill...

Dashboards to Use on Palo Alto Networks for Effective Management

Enterprises should expect to see more cyberattacks launched against them. The data that they now gather and store have made their infrastructures key targets for hackers. Customer data and intellectual property can be sold in the black market for profit, and sensitive information can also be used...

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft...

Hacker Puts Airport's Security System Access On Dark Web Sale For Just $10

If you can't find it on Google, you will definitely find it on the Dark Web. Black markets on the Dark web are not known for just buying drugs, it is a massive hidden network where you can buy pretty much anything you can imagine—from pornography, weapon, and counterfeit currencies, to hacking...