Author: Admin

August 21, 2024Ravi LakshmananCyber ​​espionage / threat intelligence In an operational security (OPSEC) breach, the operator behind a new information stealer called Styx Stealer leaked data from his own computer, including customer details, earnings information, nicknames, phone numbers and email addresses. Styx Stealer, derived from Thief of phemedroneis capable of stealing browser data, Telegram and Discord instant messaging sessions, and cryptocurrency wallet information, according to an analysis by cybersecurity firm Check Point. It first appeared in April 2024. “Styx Stealer is likely based on the source code of an older version of Phemedrone Stealer, which lacks some features that newer…

It won’t be a big revelation to say that SaaS applications have changed the way we work in both our personal and professional lives. We regularly rely on cloud and remote applications to perform our core functions, so the only true perimeter of our networks is the credentials we use to log into these services. Unfortunately, as is often the case, our appetite for improved workflows, collaboration and communication outpaced our willingness to ensure that these tools and processes were secure when we plugged them into our environment, handing over control of the security of our data. Each of these…

August 21, 2024Ravi LakshmananCyber ​​warfare / threat intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned new phishing attacks aimed at infecting devices with malware. The activity was attributed to the threat cluster it tracks as UAC-0020, which is also known as Paradisi. The exact scale and scope of the attacks are still unknown. The chain of attacks begins with phishing messages containing photos of alleged POW(s) from Kursk Oblast, urging recipients to click on a link that points to a ZIP archive. The ZIP file contains a Microsoft Compiled HTML Help (CHM) file that embeds the JavaScript…

August 21, 2024Ravi LakshmananWordPress / Cyber ​​Security A maximum severity security flaw has been discovered in the GiveWP donation and fundraising WordPress plugin that exposes more than 100,000 websites to remote code execution attacks. Tracked as CVE-2024-5932 (CVSS score: 10.0), the bug affects all versions of the plugin up to version 3.14.2, which was released on August 7, 2024. A security researcher with the alias villu164 has been credited with discovering and reporting the issue about her. Plugin “vulnerable to PHP Object Injection in all versions up to and including 3.14.1 via deserialization of untrusted input from the ‘give_title’ parameter,”…

August 20, 2024Ravi LakshmananMobile Security / Bank Fraud Mobile users in the Czech Republic are being targeted by a new phishing campaign that uses a progressive web application (PWA) in an attempt to steal their bank account credentials. According to the Slovak cyber security company ESET, the target of the attacks was the Czech Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and the Georgian TBC Bank. “Phishing websites targeting iOS instruct victims to add a Progressive Web Application (PWA) to their home screens, while on Android PWAs are installed after validating custom browser pop-ups,” security researcher…

August 20, 2024Hacker newsCyber ​​Security / Cloud Security As cloud infrastructure becomes the backbone of today’s businesses, securing these environments is of paramount importance. With AWS (Amazon Web Services) still the dominant cloud, it’s important for any security professional to know where to look for signs of a breach. AWS CloudTrail stands out as a critical tool for tracking and logging API activity, providing a complete record of activities performed in an AWS account. Think of AWS CloudTrail as an audit or event log for all API calls made in your AWS account. For security professionals, monitoring these logs is…

Since late July 2024, Iranian state-sponsored threat actors have been seen running phishing campaigns targeting a prominent Jewish figure to deliver a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint tracks the activity as TA453, which overlaps with activity tracked by the broader cybersecurity community under the aliases APT42 (Mandiant), Charming Kitten (CrowdStrike), Damselfly (Symantec), Mint Sandstorm (Microsoft), and Yellow Garuda (PwC). “The initial interaction was trying to entice the target to engage with a benign email to build conversation and trust, and then click on the next malicious link,” security researchers Joshua Miller, Georgi Mladenov, Andrew Northern and Greg…

August 20, 2024Ravi LakshmananVulnerability / Container Security Cybersecurity researchers have discovered a security flaw affecting Microsoft’s Azure Kubernetes services that, if successfully exploited, could allow an attacker to elevate privileges and gain access to credentials for services used by the cluster. “An attacker executing a command in a Pod running on a compromised Azure Kubernetes Services cluster can download the configuration used to secure a cluster node, obtain transport layer (TLS) download tokens, and perform a TLS download attack to read all secrets inside the cluster” , Google-owned Mandiant said. Clusters using “Azure CNI” for “Network Configuration” and “Azure” for…

August 20, 2024Ravi LakshmananVulnerability / Threat Intelligence A previously undocumented backdoor called Msupedge was used against a cyber attack targeting an unnamed university in Taiwan. “The most notable feature of this backdoor is that it communicates with the command and control (C&C) server through DNS traffic,” Symantec Threat Hunter team, part of Broadcom, said in a report shared with The Hacker News. The origin of the backdoor is currently unknown, as are the targets of the attack. The initial access vector that likely facilitated the deployment of Msupedge is said to involve exploiting a recently disclosed critical flaw affecting PHP…

August 20, 2024Ravi LakshmananVulnerability / Ransomware The US Cybersecurity and Infrastructure Security Agency (CISA) has added critical security flaw that affects known Jenkins exploited vulnerabilities (KEV) directory after its use in ransomware attacks. Vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that can lead to code execution. “The Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that could allow an attacker to restrict read access to certain files, which could lead to code execution,” CISA said in a statement. It was the first opened By Sonar security researchers in January 2024 and addressed in…