Author: Admin
December 5, 2024 | Ravi Lakshmanan | Cryptocurrency / Mobile Security
More than 77 banking institutions, cryptocurrency exchanges and national organizations have been targeted by a newly discovered Android Remote Access Trojan (RAT) called DroidBot. “DroidBot is a state-of-the-art RAT that combines stealthy VNC and overlay attack techniques with spyware-like capabilities such as keyboard and UI monitoring,” Cleafy researchers Simone Mattia, Alessandro Strina, and Federico Valentini said. “What’s more, it uses two-channel communication, transmitting output data over MQTT and receiving incoming commands over HTTPS, providing increased operational flexibility and resiliency.” The Italian fraud prevention company said it discovered the malware in late October 2024,…
A critical flaw in Mitel MiCollab exposes systems to unauthorized file and administrator access
December 5, 2024 | Ravi Lakshmanan | IoT Vulnerability / Security
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that chains a patched critical security flaw affecting Mitel MiCollab with an arbitrary file read zero-day, allowing an attacker to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to insufficient input validation in Mitel MiCollab’s NuPoint Unified Messaging (NPM) component, leading to a path traversal attack. MiCollab is a software and hardware solution that integrates chat, voice, video and SMS messaging with Microsoft Teams and other apps. NPM is a voicemail server system which allows…
A previously undocumented threat cluster dubbed Earth Minotaur uses the MOONSHINE exploit kit and a previously unreported Android and Windows backdoor called DarkNimbus to facilitate long-term surveillance operations against Tibetans and Uighurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat and potentially making it a cross-platform threat,” Trend Micro researchers Joseph Chen and Daniel Lunghi said in an analysis published today. “MOONSHINE exploits many known vulnerabilities in Chromium-based browsers and applications, requiring users to regularly update their software to prevent attacks.” Countries affected by Earth Minotaur attacks include Australia, Belgium, Canada, France,…
Vulnerability management (VM) has long been a cornerstone of an organization’s cybersecurity. Almost as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. In recent years, however, the limitations of this approach have become increasingly apparent. Vulnerability management processes remain important for identifying and remediating flaws, but as time has passed and attack paths have evolved, this approach is starting to show its age. In a recent report, How to Turn Vulnerability Management into Impact Management (Gartner, How to Turn Vulnerability Management…
December 5, 2024 | Ravi Lakshmanan | Threat Intelligence / Cyber Espionage
A suspected Chinese threat actor targeted a large US organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of malicious activity was detected on April 11, 2024, and the activity continued through August. However, the company does not rule out the possibility that the intrusion may have begun earlier. “The attackers moved across the organization’s network, compromising multiple computers,” the Symantec Threat Hunter Team said in a report shared with The Hacker News. “Some of the targeted machines were Exchange Servers, suggesting that the attackers were gathering intelligence…
December 5, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
The China-linked threat actor known as MirrorFace has been attributed to a new phishing campaign, ongoing since June 2024, that primarily targets individuals and organizations in Japan. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. “An interesting aspect of this campaign is the return of a backdoor called ANEL, which was used in campaigns targeting Japan by APT10 until around 2018 and has not been observed since then,” security researcher Hara Hiroaki said. It should be noted that MirrorFace also used…
December 5, 2024 | Ravi Lakshmanan | Vulnerability / Threat Intelligence
The US Cybersecurity and Infrastructure Security Agency (CISA) has added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows –
CVE-2024-51378 (CVSS score: 10.0) – Incorrect default permissions vulnerability that could allow authentication bypass and execution of arbitrary commands using shell metacharacters in the statusfile property
CVE-2023-45727 (CVSS score: 7.5) – Improper restriction of XML External Entity (XXE) references that could allow a remote, unauthenticated attacker…
December 5, 2024 | Ravi Lakshmanan | Cryptocurrency / Financial Crime
Britain’s National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money-laundering networks found to be facilitating serious and organized crime across the UK, the Middle East, Russia and South America. The effort, code-named Operation Destabilise, led to the arrest of 84 suspects linked to two Russian-language networks, Smart and TGR. In addition, £20 million ($25.4 million) in cash and cryptocurrency was seized. Both enterprises are located in Moscow’s Federation Tower, which, per The Telegraph, is known to act as a hub for money-laundering firms. Concurrent with the liquidation…
Russian-linked company Turla uses Pakistani hackers’ servers to attack Afghan and Indian organizations
December 4, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
The Russia-linked advanced persistent threat (APT) group known as Secret Blizzard (aka Turla) has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group called Storm-0156 to conduct its own operations since 2022. The activity, first observed in December 2022, is the latest instance of a nation-state adversary “embedding itself” in another group’s malicious operations to further its own goals and cloud attribution efforts, Lumen Technologies’ Black Lotus Labs said. “In December 2022, Secret Blizzard initially gained access to the Storm-0156 C2 server and by mid-2023…
Are you using the cloud or thinking about switching? There is no doubt that multi-cloud and hybrid environments offer many benefits to organizations. However, the flexibility, scalability and efficiency of the cloud come with a significant risk – an expanded attack surface. The decentralization inherent in multi-cloud environments can also lead to limited visibility of user activities and poor access management. Privileged accounts with access to critical systems and sensitive data are among the most vulnerable elements in cloud environments. If mismanaged, these accounts open the door to unauthorized access, potential malicious activity, and data leakage. This…