Author: Admin

December 11, 2024Ravi LakshmananCyber ​​espionage / Cyber ​​attack The alleged Chinese threat actor has been linked to a series of cyberattacks targeting prominent organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in a variety of sectors, including government ministries in two different countries, an air traffic control organization, a telecommunications company and the Symantec Threat Hunter Team’s media. said in a new report shared with The Hacker News. The attacks, which used tools previously identified as linked to China’s Advanced Persistent Threat Groups (APTs), are characterized by the use of both open source and…

December 11, 2024Ravi LakshmananMalware / cyber espionage The Russian national-statesman is tracked as Secret blizzard was seen using malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings came from Microsoft’s threat intelligence team, which said that between March and April 2024. observed how an adversary used the Amadey bot malware to download custom malware onto “handpicked” systems linked to the Ukrainian military. The activity is believed to be the second since 2022, when Secret Blizzard, also known as Turla, seized on a cybercrime campaign to distribute its…

December 11, 2024Ravi LakshmananRansomware/Malware Cybersecurity researchers have discovered a new version ZLoader malware that uses a Domain Name System (DNS) tunnel for command-and-control (C2) communication, indicating that threat actors continue to improve the tool after surface restoration a year ago. “Zloader 2.9.4.0 adds notable improvements, including a custom DNS tunneling protocol for C2 communication and an interactive shell that supports more than a dozen commands that can be useful for ransomware attacks” — Zscaler ThreatLabz said in Tuesday’s report. “These modifications provide additional levels of resistance against detection and mitigation.” ZLoaderalso called Terdot, DELoader, or Silent Night, is a malware…

December 11, 2024Ravi LakshmananMalware / Endpoint Security A newly developed technique uses a Windows accessibility system called User Interface Automation (UIA) to perform a wide range of malicious activities without reporting to Endpoint Detection and Response (EDR) solutions. “To exploit this technique, the user must be persuaded to run a program that uses UI automation,” Akamai security researcher Tomer Peled said in the report shared with The Hacker News. “This can lead to covert execution of commands that can collect sensitive data, redirect browsers to phishing websites, and more.” Worse, local attackers can exploit this security blind spot to execute…

December 11, 2024Ravi LakshmananVulnerability / Authentication Cybersecurity researchers have identified a “critical” security vulnerability in Microsoft’s implementation of multi-factor authentication (MFA) that allows an attacker to trivially bypass protections and gain unauthorized access to a victim’s account. “The bypass was simple, taking about an hour to execute, requiring no user interaction, generating no notifications, and giving the account owner no indication of a problem,” Oasis Security researchers Elad Luz and Tal Hassan said in a report shared with The Hacker News. After responsible disclosure, the question is a code name AuthQuake – Microsoft appealed in October 2024. As long as…

Cybersecurity researchers have discovered a novel surveillance program that is suspected to be used by police departments in China as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as September 25, 2024. "The surveillance software consists of two parts: an APK installer and a surveillance client that runs headlessly on the device once installed," Christina Balaam, senior threat intelligence officer at Lookout, said in a technical report shared with The Hacker News. "EagleMsgSpy collects…

December 11, 2024Hacker newsSaaS Security / Endpoint Security In today’s highly distributed workplace, every employee has the ability to act as their own CIO, implementing new cloud and SaaS technologies whenever and wherever they want. While this has been a critical boon for productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only all-in-one solution SaaS management in one solution: Opening: Gain visibility into your complete SaaS footprint, including GenAI apps, free tools, tenant duplicates, deprecated apps, and more, all on day one. Security: Protect…

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow elevation of privilege. This is in addition to 13 vulnerabilities the company has addressed in its Chromium-based Edge browser since the release of last month's security update. In all, Microsoft has resolved 1,088 vulnerabilities in 2024, according to Fortra…

December 11, 2024Ravi LakshmananVulnerability / data breach On Tuesday, the US government dropped charges against a Chinese national for allegedly hacking thousands of Sophos firewalls around the world in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked for Sichuan Silence Information Technology Company, Limited, was charged with conspiracy to commit computer fraud and conspiracy to commit electronic network fraud. Guan was accused of developing and testing a zero-day vulnerability that was used to launch attacks against Sophos firewalls. “Guan Tianfeng is wanted for his alleged role in a conspiracy to gain unauthorized access to Sophos…

December 11, 2024Ravi LakshmananVulnerability / Network Security Ivanti has released security updates to address multiple critical vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products that could lead to elevation of privilege and code execution. The list of vulnerabilities is as follows – CVE-2024-11639 (CVSS Score: 10.0) – Authentication bypass vulnerability in the Ivanti CSA Web Admin Console before 5.0.3 could allow a remote, unauthenticated attacker to gain administrative access CVE-2024-11772 (CVSS Score: 9.1) – Command execution vulnerability in the Ivanti CSA Web Admin Console before version 5.0.3 allows a remote authenticated attacker with administrative privileges to achieve…
