Author: Admin

August 3, 2024Ravi LakshmananDDoS attack / Server security Cybersecurity researchers have revealed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter notebooks. Codenamed activity Panomorphic from cloud security company Aqua uses a Java-based tool called mining to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers. The attack chains involve using Jupyter Notebook instances exposed on the Internet to execute wget commands to retrieve a ZIP archive hosted on a file sharing site called Filebin. The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar, the former being…

August 2, 2024Ravi LakshmananCyber ​​espionage / malware A Russian-linked threat actor has been linked to a new company that used a car for sale as phishing bait to deliver a Windows modular backdoor called HeadLace. “The campaign likely targeted diplomats and began as early as March 2024,” Unit 42 Palo Alto Networks. said in a report published today, attributing it with a medium to high level of confidence APT28also called BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy and TA422. It should be noted that the car for sale phishing themes were attractive…

August 2, 2024Ravi LakshmananCyber ​​espionage / malware Cisco Talos, a Taiwanese government research institute specializing in computing and related technologies, was hacked by China-linked national threat actors, according to new findings. As early as mid-July 2023, an unnamed entity was targeted to provide various backdoors and post-compromise tools such as ShadowPad and Cobalt Strike. It is attributed with moderate confidence to a prolific hacking group tracked as APT41. “The ShadowPad malware used in the current campaign used an outdated, vulnerable version of the Microsoft Office IME binary as a bootloader to download a customized second-stage bootloader to launch the payload,”…

August 2, 2024Ravi LakshmananCyber ​​Attack / Windows Security Cybersecurity researchers have discovered a previously undocumented Windows backdoor that uses the built-in Background Intelligent Transfer Service (BITS) as a command and control (C2) mechanism. A recently discovered strain of malware has been given a codename BITZLEN Elastic Security Labs, which made the discovery on June 25, 2024, in connection with a cyber attack targeting an unspecified Ministry of Foreign Affairs of the South American government. The activity cluster is tracked under the alias REF8747. “The most recent iteration of the backdoor at the time of publication has 35 handler functions, including…

August 2, 2024Hacker news In today’s digital battlefield, small and medium-sized businesses (SMEs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection. If your current cybersecurity strategy looks like a house of cards—a complex, expensive jumble of different vendors and tools—it’s time to make a change. Introducing the All-in-One Cyber ​​Security Platform. Imagine having all the protection you need in one place with one easy-to-use interface. That’s the power of the All-in-One platform. Join our upcoming webinar to learn how MSPs and SMBs…

August 2, 2024Hacker newsVulnerability / Network Security Enterprise resource planning (ERP) software is at the heart of many businesses supporting HR, accounting, shipping and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make it difficult to fix. However, critical vulnerabilities continue to affect these systems and put critical business data at risk. SANS Internet Storm Center published a report showing how the open source ERP platform OFBiz is currently the target of new strains of the Mirai botnet. As part of its broad portfolio of projects, the Apache Foundation supports…

August 2, 2024Ravi LakshmananCyber ​​Crime / Hacking News U historical prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia and the USA, two Russian citizens serving sentences for cybercrime were released and repatriated to their country. They are Roman Valerievich Seleznev and Vladislav Klyushin, who are part of a group of eight people who were sent back to Russia in exchange for the release of 16 people who had been detained, including four Americans, five Germans and seven Russian citizens, who were kept as political prisoners. US President Joe Biden is called hailed the deal as a “feat of diplomacy”, adding…

August 2, 2024Ravi LakshmananMalware / Network Security Cybersecurity companies are warning of a surge in misuse of Clouflare’s free TryCloudflare service to deliver malware. Activity documented by both eFeel and Proofinvolves using TryCloudflare to create a one-way tunnel that acts as a conduit to relay traffic from an attacker-controlled server to a local machine through Cloudflare’s infrastructure. Attack chains using this technique have been observed to deliver a cocktail of malware families such as AsyncRAT, GuLoader, PureLogs Stealer, Remcos RAT, Venom RAT, and XWorm. The initial access vector is a phishing email that contains a ZIP archive that includes a…

August 1, 2024Ravi LakshmananVulnerability / Threat Intelligence More than a million domains are susceptible to hijacking by attackers using the so-called a Ducks are sitting attack. A powerful attack vector exploiting weaknesses in the Domain Name System (DNS) is being used by more than a dozen Russian cybercriminals to secretly hijack domains, a joint analysis published Info block and Eclipse discovered. “In a Sitting Ducks attack, an actor hijacks a registered domain from an authoritative DNS service or web hosting provider without accessing the real owner’s account on any DNS provider or recorder,” the researchers said. “Sitting Ducks are easier…

In another sign that threat actors are always looking for new ways to trick users into downloading malware, it has emerged that the question-and-answer (Q&A) platform Stack Exchange was used to direct unsuspecting developers to fake Python packages capable of draining their cryptocurrency wallets. "Once installed, this code will execute automatically, triggering a chain of events designed to compromise and control the victim's systems, steal their data and drain their crypto wallets," Checkmarx researchers Yehuda Gelb and Tzahi Zornstein said in a report shared with The Hacker News. The campaign, which began on June 25, 2024, specifically singled out…
