Author: Admin

August 30, 2024Ravi LakshmananCyber ​​threat / Cyber ​​espionage Cybersecurity researchers have discovered a new network infrastructure created by Iranian threat actors to support activities related to recent attacks on political campaigns in the United States. Insikt group Recorded Future has linked the infrastructure to a threat it tracks as GreenCharlie, an Iran-linked cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453 and Yellow Garuda. “The group’s infrastructure is meticulously designed using dynamic DNS (DDNS) providers such as Dynu, DNSEXIT and Vitalwerks to register domains used in phishing attacks,” the cybersecurity firm said in a…


August 30, 2024Ravi LakshmananMalware / Network Security Cyber ​​security researchers have uncovered a new campaign that is potentially targeting users in the Middle East with malware masquerading as Palo Alto Networks GlobalProtect a virtual private network (VPN) tool. “The malware can execute remote PowerShell commands, download and expose files, encrypt communications, and bypass sandboxes, posing a significant threat to targeted organizations,” Trend Micro researcher Mohamed Fahmy. said in the technical report. The sophisticated malware sample was seen using a two-step process and involves establishing connections to a Command and Control (C2) infrastructure that pretends to be the company’s VPN portal,…


The most dangerous vulnerability you've never heard of. In the world of cybersecurity, vulnerabilities are discovered so often and at such a high rate that it can be very difficult to keep up. Some vulnerabilities will set off alarm bells in your security tools, while others are much more subtle but still pose an equally dangerous threat. Today we want to discuss one of the…


August 30, 2024Ravi LakshmananCyber ​​espionage / threat intelligence Chinese-speaking users are being targeted by a “highly organized and sophisticated attack” campaign that is likely using phishing emails to infect Windows systems with Cobalt Strike payloads. “The attackers were able to move sideways, establish persistence, and remain undetected on systems for over two weeks,” Securonix researchers Dan Yuzwick and Tim Peck said in a new report. A secret company under a code name SLOW#STORM and not attributed to any known threat actor, begins with malicious ZIP files that, when unzipped, activate an infection chain that leads to the deployment of a…


August 30, 2024Hacker newsICS Security / OT Security The comprehensive guide, authored by Dean Parsons, highlights the growing need for specialized ICS security measures in the face of growing cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the release of its important new strategic guidance, “ICS is a business: why securing ICS/OT environments is business critical in 2024.” Authored by Dean Parsons, ICS Defense Force CEO and SANS Certified Instructor, this guide offers a comprehensive analysis of the rapidly evolving threat landscape…


August 30, 2024Ravi LakshmananCryptocurrency / Malware Threat actors linked to North Korea have been seen publishing a number of malicious packages to the npm registry, indicating a “coordinated and relentless” effort to target malware developers and steal cryptocurrency assets. The latest wave, observed between August 12 and 27, 2024, included packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and qq-console. “The behavior of this company leads us to believe that qq-console is related to a North Korean company known as Contagious Interview,” wrote software security firm Phylum. said. Contagious interview refers to an campaign continues which seeks to compromise software developers with…


August 29, 2024Ravi LakshmananBrowser Security / Vulnerability Cybersecurity researchers have identified several exploit campaigns in the wild that have used patched flaws in Apple’s Safari and Google Chrome browsers to infect mobile users with information-stealing malware. “These companies presented exploits for n days for which patches were available, but they were still effective against unpatched devices,” Google Threat Analysis Group (TAG) researcher Clement Lessin said in a report shared with The Hacker News. The activity observed between November 2023 and July 2024 is notable for the fact that the exploits were carried out using a hacker attack on the Mongolian…


August 29, 2024Ravi LakshmananCyber ​​espionage / malware A non-profit organization that supports human rights in Vietnam was the target of a multi-year campaign designed to spread various malware on compromised hosts. Cybersecurity firm Huntress attributed the activity to a threat cluster known as APT32, a Vietnam-based hacking group also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty and OceanLotus. The invasion is believed to have lasted at least four years. “This intrusion has a number of overlaps with known methods used by the APT32/OceanLotus threat actor and a known target demographic that matches the goals of APT32/OceanLotus,” security researchers…


August 29, 2024Ravi LakshmananIoT Security / Vulnerability A multi-year high-severity flaw affecting AVTECH IP cameras has been weaponized by attackers as a zero-day tool to tie them into botnets. CVE-2024-7029 (CVSS Score: 8.7), the vulnerability in question is “a remote code execution (RCE) command injection vulnerability discovered in the brightness feature of AVTECH CCTV cameras.” , Akamai researchers Kyle Lefton, Larry Cashdollar and Aline Eliovich said. Details of the security flaw were first published earlier this month by the US Cybersecurity and Infrastructure Security Agency (CISA), highlighting its low attack complexity and remote exploitability. “Successful exploitation of this vulnerability could…


US cybersecurity and intelligence agencies have accused an Iranian hacking group of breaching multiple organizations across the country and coordinating with ransomware affiliates to deliver ransomware. The activity has been linked to a threat actor called Pioneer Kitten, also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which is described as being linked to the Iranian government and as using an Iranian information technology (IT) company, Danesh Novin Sahand, likely as a cover. "Their malicious cyber operations are aimed at deploying ransomware attacks to obtain and develop network access," the Cybersecurity and Infrastructure Security Agency (CISA) said,…
