Author: Admin
December 14, 2024 | Ravi Lakshmanan | Malware / Cyber Threats. Thai government officials have been targeted by a new campaign that uses a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. “Based on the nature of the lures, the threat actors targeted Thai officials,” Nikhil Hegde, a senior engineer at Netskope’s security team, told The Hacker News. “The Yokai backdoor itself is not limited and can be used against any potential target.” The starting point of the attack chain is a RAR archive containing two Windows shortcut files with titles in Thai that translate to “United States Department of Justice.pdf” and “United States…
Over 390,000 WordPress Credentials Stolen Using GitHub Repository Hosting Malicious PoC Exploits
December 13, 2024 | Ravi Lakshmanan | Cyber Attack / Malware. A since-removed GitHub repository that advertised a tool for the WordPress online content management system (CMS) is estimated to have enabled the theft of more than 390,000 credentials. The malicious activity is part of a larger attack campaign by a threat actor that Datadog Security Labs tracks as MUT-1244 (where MUT refers to “Mysterious Unattributed Threat”), which includes phishing and several trojanized GitHub repositories hosting proof-of-concept (PoC) code for exploiting known security flaws. “Victims are believed to be offensive actors, including pentesters and security researchers, as well as malicious threat actors, and had their…
December 13, 2024 | Hacker News | Linux / Vulnerability. A security flaw has been discovered in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could be used to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, has a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK is credited with discovering and reporting the flaw on December 4, 2024. The problem was fixed in ASU version 920c8a1. “By combining a command injection in the image builder image and the truncated SHA-256 hash included in the build request hash, an attacker can taint a legitimate image by providing a…
Justice Department indicts 14 North Koreans over $88 million IT worker fraud scheme spanning six years
The US Department of Justice (DoJ) has charged 14 nationals of the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in an ongoing conspiracy to violate sanctions and commit fraud, money laundering and identity theft by illegally seeking employment with American companies and non-profit organizations. “The conspirators, who worked for the DPRK-controlled companies Yanbian Silverstar and Volasys Silverstar, located in the People’s Republic of China (PRC) and the Russian Federation (Russia), respectively, conspired to use false, stolen, and borrowed identities of U.S. and other persons to conceal their North Korean identities and foreign locate…
Curated by the team at Tines, the orchestration, AI and automation platform, the Tines library contains pre-built workflows used by real security professionals from across the community, all of which are free to import and deploy via the platform’s Community Edition. Their twice-yearly “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their users, many of which demonstrate the practical application of large language models (LLMs) to solve complex problems in security operations. One recent winner is a workflow designed to automate CrowdStrike RFM reports. Developed by Tom Power, a security analyst at the University of…
December 13, 2024 | Hacker News | IoT Security / Operational Technology. Iran-linked threat actors have been linked to new custom malware targeting IoT and operational technology (OT) environments in Israel and the US. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and SCADA devices such as IP cameras, routers, programmable logic controllers (PLCs), human machine interfaces (HMIs), firewalls, and other Linux-based IoT/OT platforms. “Although the malware is believed to be custom-built by the threat actor, it appears that the malware is generic enough to run on different platforms from different vendors…
December 13, 2024 | Ravi Lakshmanan | Linux / Threat Analysis. Cyber security researchers have discovered a new Linux rootkit called PUMAKIT that comes with capabilities to elevate privileges, hide files and directories, and hide itself from system tools while avoiding detection. “PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that uses advanced stealth mechanisms to hide its presence and communicate with command-and-control servers,” Elastic Security Labs researchers Remco Sprooten and Ruben Groenewoud said in a technical report published on Thursday. The company’s analysis stems from artifacts uploaded to the malware scanning platform VirusTotal earlier this September. The interior of the malware…
The US Department of Justice (DoJ) on Thursday announced the takedown of an illegal marketplace called Rydox (“rydox.ru” and “rydox(.)cc”) that sold stolen personal information, access devices and other tools for cybercrime and fraud. Three Kosovo citizens who administered the service, Ardit Kutleshi, Jetmir Kutleshi and Shpend Sokoli, were arrested in tandem. Ardit Kutleshi and Jetmir Kutleshi are expected to be extradited to the US; Shpend Sokoli, who was detained on December 12, 2024, will be charged and prosecuted in Albania. “Rydox Marketplace has conducted over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools, generating at least…
December 12, 2024 | Ravi Lakshmanan | Mobile Security / Cyber Espionage. A Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware families called BoneSpy and PlainGnome, marking the first time the adversary has been found using a mobile-only malware family in its attacks. “BoneSpy and PlainGnome target former Soviet countries and focus on Russian-speaking victims,” Lookout said in its analysis. “Both BoneSpy and PlainGnome collect data such as SMS messages, call logs, phone conversation audio, photos from device cameras, device location, and contact lists.” Gamaredon, also known as Aqua Blizzard, Armageddon, BlueAlpha, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident…
December 12, 2024 | Ravi Lakshmanan | Vulnerability / Cloud Security. Cyber security researchers have warned that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial of service (DoS) and remote code execution (RCE) attacks. “Prometheus servers or exporters, often without proper authentication, allowed attackers to easily collect sensitive information such as credentials and API keys,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new report shared with The Hacker News. The cloud security company also said the exposure of the “/debug/pprof” endpoints, used to determine heap memory usage, CPU usage,…