U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers

The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office SOHO routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of t...

HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining

Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the...

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK,...

CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 CVSS...

RunC Flaws Enable Container Escapes, Granting Attackers Host Access

Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have...

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 CVSS score: 8.8 - A privilege escalation vulnerability in the w...

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where...

The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules

The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them. The new cybersecurity mandate...

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware

A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC499...

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure ICS virtual private network VPN devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as...

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library aka glibc. Tracked as CVE-2023-6246 CVSS score: 7.8, the heap-based buffer overflow vulnerability is rooted in glibc's vsysloginternal function, whic...

Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives

A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of São Paulo, Santa Catarina, Pará, Goiás, a...

URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite

GitLab once again released fixes to address a critical security flaw in its Community Edition CE and Enterprise Edition EE that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An...

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November...

Top Security Posture Vulnerabilities Revealed

Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The excitement in...

Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations

Italy's data protection authority DPA has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR General Data Protection Regulation," the Garante per la protezione...

New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility

Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an analys...

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and...

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager NTLM v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 CVSS score: 6.5, was addressed by the tech giant as part of its Patch Tuesday updates...

493 Companies Share Their SaaS Security Battles – Get Insights in this Webinar

In today's digital world, security risks are more prevalent than ever, especially when it comes to Software as a Service SaaS applications. Did you know that an alarming 97% of companies face serious risks from unsecured SaaS applications? Moreover, about 20% of these organizations are struggling...

Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats

In nearly every segment of our lives, AI artificial intelligence now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on...

Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang

Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document .XL...

NSA Admits Secretly Buying Your Internet Browsing Data without Warrants

The U.S. National Security Agency NSA has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S. government should not be funding and legitimizing a...

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index PyPI repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM,...

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin America-based financially...

Perfecting the Defense-in-Depth Strategy with Automation

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern...

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will...

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise HPE...

Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice DoJ said. The development comes nearly two months after Dunaev pleaded guilty to committing comput...

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 CVSS score: 9.9, the issue stems...

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

Cybersecurity researchers have shed light on the command-and-control C2 server workings of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control C2 server, and a web administration...

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment CI/CD automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution RCE. The issue, assigned the CVE...

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat...

LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the...

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle AitM attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat APT...

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name...

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's HPE cloud email environment to exfiltrate mailbox data. "The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes...

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine GKE that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many ...

Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver BYOVD attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows...

The Unknown Risks of The Software Supply Chain: A Deep-Dive

In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding...

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov aka bladerunner, GistaveDore, GustaveDore, or JimJones, 33, has been tied to t...

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer MFT software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4....

VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates

The threat actors behind ClearFake, SocGholish, and dozens of other e-crime outfits have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their...

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and...

"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS...

From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks

As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore's broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to...

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy ...

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 CVSS score: 10.0, the vulnerability impacts out-of-date versions of the...

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could be exploited by a...

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research...