Author: Admin
September 19, 2024 | Ravi Lakshmanan | Cryptojacking / Cloud Security
A cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting virtual private server (VPS) infrastructure running the CentOS operating system. “The initial access was accomplished through a Secure Shell (SSH) brute-force attack on the victim’s assets, during which the threat actor downloaded a malicious script,” Group-IB researchers Vito Alfano and Nam Le Phuong said in a report published Wednesday. The malicious script, the Singapore-based cybersecurity firm noted, is responsible for disabling security features, deleting logs, terminating competing cryptocurrency mining processes, and hindering recovery. Attack chains ultimately pave the…
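The initial access described above is a plain password brute force against sshd, which is visible in the host’s auth log long before any script lands. The following is an added example, not code from Group-IB or the article: it parses constructed sshd log lines (the hostnames, PIDs and addresses are made up), flags any source address that fails five or more logins inside a minute, reports whether a successful login followed the burst, and carries the sshd_config settings that remove the password attack surface entirely.

```python
"""Added example (not from the Group-IB report or the article): detect an SSH
brute-force burst in sshd log lines and show the sshd_config settings that
remove the password attack surface. All log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the traditional syslog/auth.log format (hypothetical host "vps1").
SAMPLE_LOG = """\
Sep 19 03:12:01 vps1 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 19 03:12:02 vps1 sshd[2213]: Failed password for root from 203.0.113.7 port 51030 ssh2
Sep 19 03:12:02 vps1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 51034 ssh2
Sep 19 03:12:03 vps1 sshd[2217]: Failed password for root from 203.0.113.7 port 51040 ssh2
Sep 19 03:12:04 vps1 sshd[2219]: Failed password for root from 203.0.113.7 port 51044 ssh2
Sep 19 03:12:05 vps1 sshd[2221]: Failed password for centos from 203.0.113.7 port 51050 ssh2
Sep 19 03:12:09 vps1 sshd[2223]: Accepted password for root from 203.0.113.7 port 51062 ssh2
Sep 19 03:30:41 vps1 sshd[2400]: Failed password for alice from 198.51.100.5 port 40010 ssh2
Sep 19 03:31:10 vps1 sshd[2402]: Accepted publickey for alice from 198.51.100.5 port 40012 ssh2
"""

# Matches both "Failed password for invalid user X" and "Accepted publickey for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(text, year=2024):
    """Turn sshd auth lines into (timestamp, result, method, user, ip) tuples.
    syslog timestamps carry no year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd/syslog noise
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {failures, users, succeeded_after}} for every source that
    produced at least `threshold` failed logins within `window`.
    succeeded_after is True when an Accepted login from the same IP came at or
    after the end of the burst, i.e. the guessing worked and the host is owned."""
    failures = defaultdict(list)
    accepted = defaultdict(list)
    for ts, result, _method, user, ip in events:
        (failures if result == "Failed" else accepted)[ip].append((ts, user))

    hits = {}
    for ip, fails in failures.items():
        fails.sort()
        # Sliding window: any `threshold` consecutive failures spanning <= window.
        for i in range(len(fails) - threshold + 1):
            first, last = fails[i][0], fails[i + threshold - 1][0]
            if last - first <= window:
                hits[ip] = {
                    "failures": len(fails),
                    "users": sorted({u for _, u in fails}),
                    "succeeded_after": any(ts >= last for ts, _ in accepted.get(ip, [])),
                }
                break
    return hits


# Documented sshd_config(5) options that close the password brute-force path.
# ChallengeResponseAuthentication is the spelling older OpenSSH builds (e.g. CentOS 7) accept.
HARDENED_SSHD_CONFIG = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
MaxAuthTries 3
"""

if __name__ == "__main__":
    for ip, info in find_bruteforce(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {info['failures']} failures against {info['users']}, "
              f"login succeeded afterwards: {info['succeeded_after']}")
    print("Recommended sshd_config:\n" + HARDENED_SSHD_CONFIG)
```

On the constructed sample, 203.0.113.7 is flagged (six failures in four seconds against root, admin and centos, followed by an accepted root password login), while the single failed attempt from 198.51.100.5 is ignored. Because the campaign’s script deletes logs after landing, this check only has value if the auth log is shipped off-host (or journald is forwarded) before the attacker gets a shell; the config block removes the need to win that race.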
A previously undocumented malware called SambaSpy is targeting users in Italy exclusively, through a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking actor. “Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country,” Kaspersky said in a new analysis. “It is likely that the attackers are testing the waters with Italian users before expanding to other countries.” The starting point of the attack is a phishing email that contains either an HTML attachment or an embedded link that initiates the infection chain. When the HTML attachment is opened, a…
Healthcare cybersecurity has never been more important. As one of the most vulnerable industries and a prime target for cybercriminals, healthcare is facing a growing wave of cyberattacks. When a hospital’s systems are held hostage by ransomware, it is not only data that is at risk but the care of patients who depend on life-saving treatment. Imagine an attack that halts emergency care, delays surgeries, or exposes a cancer patient’s private health information for extortion. That is the reality healthcare faces when cybercriminals exploit people in need. Since 2012, healthcare has accounted for 17.8% of all breaches and 18.2% of…
September 19, 2024 | Ravi Lakshmanan | Healthcare / Malware
Microsoft has revealed that a financially motivated threat actor has used a ransomware strain called INC for the first time to target the US healthcare sector. The tech giant’s threat intelligence team tracks the activity under the name Vanilla Tempest (formerly DEV-0832). “Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494, before deploying tools such as the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool,” Microsoft said in a series of posts shared on X. In the next step, the attackers perform lateral movement via Remote Desktop Protocol…
September 19, 2024 | Ravi Lakshmanan | Enterprise Security / DevOps
GitLab has released patches to address a critical flaw affecting Community Edition (CE) and Enterprise Edition (EE) that could lead to authentication bypass. The vulnerability resides in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) and could allow an unauthenticated attacker to log in as an arbitrary user on a vulnerable system. The library issue was resolved last week. It is caused by the library not correctly validating the signature of the SAML response. SAML, short for Security Assertion Markup Language, is a protocol that enables single sign-on (SSO) and the exchange of authentication and…
Cybersecurity researchers have discovered a never-before-seen botnet consisting of an army of small office/home office (SOHO) and IoT devices, likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen’s Black Lotus Labs, is believed to have been active since at least May 2020, peaking at 60,000 actively compromised devices in June 2023. “Since then, there have been over 200,000 SOHO routers, NVR/DVR devices, network attached storage (NAS) servers and IP cameras; all of which have been included in the Raptor Train botnet, making it one of China’s largest state-sponsored…
A Chinese engineer is accused in the US of years of cyber espionage against NASA and the military
A Chinese national has been indicted in the US on charges of conducting a “multi-year” phishing campaign to gain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities and private companies. Song Wu, 39, was charged with 14 counts of wire fraud and 14 counts of aggravated identity theft. If convicted, he faces a maximum sentence of 20 years in prison on each wire fraud count and a mandatory consecutive two-year sentence on each identity theft count. He worked as an engineer at the Aviation Industry Corporation of China (AVIC),…
The evolution of software always catches us by surprise. I remember betting against the IBM Deep Blue computer during its chess match against Grandmaster Garry Kasparov in 1997, only to be stunned when the machine declared victory. Fast-forward to today. Could we have imagined just three years ago that a chatbot could write essays, handle support calls and even create commercials?
September 18, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
A cyber espionage group linked to North Korea has been observed leveraging job-themed phishing lures to target prospective victims in the energy and aerospace verticals and infect them with a previously undocumented backdoor called MISTPEN. The activity cluster is tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, also commonly referred to as the Lazarus Group or Diamond Sleet (formerly Zinc). The threat actor has a history of attacking government, defense, telecommunications and financial institutions around the world…
September 18, 2024 | Ravi Lakshmanan | Browser Security / Privacy
Google has announced that it is rolling out a new set of features for its Chrome browser that gives users more control over their data while browsing the web and protects them against online threats. “With the latest version of Chrome, you can take advantage of our upgraded Safety Check, opt out of unwanted website notifications more easily, and grant select permissions to sites one time only,” the tech giant said. Improvements to Safety Check allow it to run automatically in the background, notifying users of actions it has taken, such as revoking permissions for websites they no longer…