Author: Admin
April 21, 2025 | Red Lakshmanan | Malware / Vulnerability
Cybersecurity researchers have flagged a new malicious campaign associated with the North Korean state actor known as Kimsuky that exploits a now-patched vulnerability affecting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). “In some systems, initial access was obtained through exploitation of the RDP vulnerability (BlueKeep, CVE-2019-0708),” the South Korean cybersecurity company noted. “While the compromised system found the RDP vulnerability, there is no evidence of its actual use.” CVE-2019-0708 (CVSS score: 9.8) is a critical wormable flaw…
April 21, 2025 | Red Lakshmanan | Technology / Mobile Security
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, which allow cybercriminals to carry out fraud. The active campaign targets banking institutions and card issuers in Italy in order to compromise payment card data, the fraud prevention firm said. There is evidence to suggest that the service is promoted on Telegram. SuperCard X “uses a multi-stage approach that combines social engineering (via smishing and phone calls), malicious app installation and NFC data interception for highly efficient fraud,” security researchers Federico Valentini,…
The problem is simple: all breaches begin with initial access, and initial access comes down to two main attack vectors: accounts and devices. This is not news; every threat landscape report you can find shows the same picture. The solution is more complicated. In this article, we will focus on the device vector. The risk devices represent is significant, so tools such as mobile device management (MDM) and endpoint detection and response (EDR) are main components of an organization’s security infrastructure. However, based solely on…
April 21, 2025 | Red Lakshmanan | Vulnerability / Threat Intelligence
Cybersecurity researchers have revealed a surge in “mass scanning, accounts and exploitation attempts” from Proton66 IP addresses. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. “Net blocks 45.135.232.0/24 and 45.140.17.0/24 were particularly active,” the analysis noted. “Several of the offending IP addresses had not previously participated in malicious activity or were inactive for more than two years.” The Russian autonomous system Proton66 is assessed to be related to another autonomous system named Prospero. Last year, the French security firm Intrinsec spoke…
APT29 deploys Grapeloader malware targeting European diplomats through wine-tasting lures
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that targets diplomatic entities across Europe with a new Wineloader variant and previously unreported malware called Grapeloader. “While the improved Wineloader variant is still a modular backdoor used in later stages, Grapeloader is a newly observed initial-stage tool used for fingerprinting, persistence and payload delivery,” according to a technical analysis published earlier this week. “Despite the different roles, both share similarities in code structure, obfuscation and string decryption. Grapeloader refines the…
April 19, 2025 | Red Lakshmanan | Linux / Malware
Cybersecurity researchers have discovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below – According to the supply chain security firm, the packages are designed to mimic node-telegram-bot-api, a popular Node.js Telegram Bot API with more than 100,000 weekly downloads. The three libraries are still available for download. “While this number may seem modest,” it noted. “Supply chain security incidents repeatedly show that even a few installations can have catastrophic consequences, especially if the attackers get…
ASUS confirms a critical flaw in AiCloud routers; users urged to update the firmware
April 19, 2025 | Red Lakshmanan | Network Security / Vulnerability
ASUS has disclosed a critical security flaw affecting AiCloud-enabled routers that could allow remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. “An improper authentication control vulnerability exists in a certain series of ASUS firmware,” ASUS noted in an advisory. “This vulnerability can be triggered by a crafted request, which can lead to unauthorized execution of functions.” The flaw has been addressed with firmware updates for the following branches – 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. For optimal protection it…
Cybersecurity researchers have warned of a “widespread and ongoing” SMS phishing campaign that has targeted toll road users in the US for financial theft since mid-October 2024. “The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by ‘Wang Duo Yu,’” the researchers assessed with moderate confidence. The phishing campaign, according to the company, impersonates US electronic toll collection systems such as E-ZPass, sending SMS messages and Apple iMessages to individuals across Washington, Florida, Pennsylvania, Virginia, Texas, Ohio, Illinois and Kansas about unpaid tolls. Worth noting some aspects of…
A new multi-stage attack has been observed delivering malware such as Agent Tesla variants, Remcos RAT and XLoader. “Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes and ensure successful delivery and execution of the payload,” Palo Alto Networks Unit 42 researcher Sakib Hanzada noted in the company’s technical write-up. The starting point of the attack is a deceptive email posing as a request that carries a malicious 7-Zip archive attachment, which contains an encoded JavaScript (.jse) file. The email, which was observed in December 2024, falsely claimed that…
(Webinar) AI is already in your SaaS stack – learn how to prevent the next silent breach
April 18, 2025 | Hacker News | SaaS Security / Shadow IT
Your employees did not mean to expose sensitive data. They just wanted to move faster. So they used a chatbot to summarize the deal. Uploaded a spreadsheet into an AI-enhanced tool. Built a chatbot into Salesforce. Nothing wrong, until there is. If this sounds familiar, you are not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And by the time a warning is triggered, if one even exists, the damage may already be done. This is not…