Author: Admin

January 17, 2025Ravi LakshmananCyber ​​Security / Threat Intelligence Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that has been targeting Microsoft 365 accounts to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The new phishing kit was named Sneaky 2FA by French cybersecurity company Sekoia, which discovered it in the wild in December. As of this month, nearly 100 domains have been identified as hosting Sneaky 2FA phishing pages, indicating moderate threat acceptance. “This kit is sold as Phishing as a Service (PhaaS) by Sneaky Log, a cybercrime service that operates through a fully…

January 17, 2025Ravi LakshmananFirmware Security / Vulnerability Cybersecurity researchers have discovered three security flaws in Planet Technology’s WGS-804HPT industrial switches that can be chained together to achieve remote code execution before authentication on sensitive devices. “These switches are widely used in building and home automation systems for a variety of network applications,” Tomer Goldschmidt of Claroty said in a report on Thursday. “An attacker who can remotely control one of these devices can use them to further exploit devices on the internal network and perform lateral movement.” The operational technology security firm, which conducted an extensive analysis of the firmware…

January 17, 2025Ravi LakshmananWeb Security / Botnet Cybersecurity researchers have uncovered a new campaign targeting web servers running PHP-based applications to promote gambling platforms in Indonesia. “The past two months have seen a significant number of attacks by Python-based bots, suggesting a coordinated effort to exploit thousands of web applications,” Imperva researcher Daniel Johnston said in the analysis. “These attacks appear to be related to the proliferation of gambling-related sites, potentially in response to increased government control.” The Thales-owned company said it discovered millions of requests originating from a Python client containing a command to install GSocket (aka Global Socket),…

January 17, 2025Ravi LakshmananInsider Threat / Cryptocurrency The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and four entities for their alleged involvement in illegal revenue-generating schemes for the Democratic People’s Republic of Korea (DPRK) by sending IT workers around the world for employment and clearance is a constant source of income for the regime in violation of international sanctions. “These IT workers hide their identities and locations to fraudulently obtain freelance work contracts from clients around the world for IT projects such as software and mobile application development,” the Treasury Department said.…

Austrian non-profit privacy organization None of Your Business (noyb) filed complaints accusing companies such as TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi of violating data protection rules in the European Union by illegally transferring user data to China. The advocacy group is seeking an immediate halt to such transfers, saying the companies in question cannot protect user data from potential access by the Chinese government. Complaints have been filed in Austria, Belgium, Greece, Italy and the Netherlands. “Given that China is an authoritarian surveillance state, it is quite clear that China does not offer the same level of data protection…

January 16, 2025Ravi LakshmananSpear Phishing / Threat Intelligence A Russian threat known as Star Blizzard has been linked to a new phishing campaign targeting victims’ WhatsApp accounts, marking a move away from its long-time trade in a likely attempt to avoid detection. “Star Blizzard’s targets are most often associated with government or diplomacy (both current and former), defense policy or international relations researchers whose work affects Russia, and sources of aid to Ukraine linked to the war with Russia,” Microsoft Threat. The intelligence group reported in a the report shared with The Hacker News. Star Blizzard (formerly SEABORGIUM) is a…

January 16, 2025Ravi LakshmananMalware / Ransomware Threat actors have been observed hiding malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer within separate campaigns. “At both companies, the attackers hid malicious code in images they uploaded to archive(.)org, a file hosting website, and used the same .NET loader to install the final payloads,” HP Wolf Security. said in its Q3 2024 Threat Report shared with The Hacker News. The starting point is a phishing email that disguises itself as invoices and purchase orders to trick recipients into opening malicious attachments, such as Microsoft Excel documents,…

January 16, 2025Ravi LakshmananActive Directory / Vulnerability Cybersecurity researchers have discovered that Microsoft Active Directory Group Policy designed to disable NT LAN Manager (NTLM) v1 can be bypassed simply by misconfiguration. “A simple misconfiguration in local applications can override Group Policy, effectively nullifying the Group Policy intended to stop NTLMv1 authentication,” Silverfort researcher Dor Segal said in a report shared with The Hacker News. NTLM is still a widely used mechanism, especially in Windows environments, for authenticating users over a network. The deprecated protocol, although not removed due to backwards compatibility requirements, was out of date as of mid-2024. At…

January 16, 2025Ravi LakshmananVulnerability / Cyber ​​Security Details have emerged of a patched security vulnerability that could bypass the Secure Boot mechanism on Unified Extensible Firmware Interface (UEFI) systems. A vulnerability assigned a CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by a third-party UEFI certificate from Microsoft “Microsoft Corporation UEFI CA 2011” according to new report from ESET shared with The Hacker News. Successful exploitation of the flaw could lead to the execution of untrusted code during system boot, thereby allowing attackers to deploy malicious UEFI bootkits on machines that have Secure Boot enabled, regardless…

January 16, 2025Hacker newsCertificate Management / Compliance The digital world is exploding. IoT devices are multiplying like rabbits, certifications are piling up faster than you can count, and compliance requirements are getting tougher by the day. Keeping up with it all can feel like you’re trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It’s just not built for today’s fast-paced hybrid environment. You need a solution that can handle the chaos, not add to it. Introducing DigiCert ONE: a revolutionary platform designed to simplify and automate your entire trust ecosystem. But seeing is believing, right?…
