Author: Admin

Despite significant investment in advanced technology and employee training programs, credential- and user-based attacks remain highly prevalent, accounting for 50-80% of enterprise breaches (1),(2). While identity-based attacks continue to dominate as the primary cause of security incidents, the general approach to identity security threats is still threat mitigation: implementing layers of controls to reduce risk while accepting that some attacks will succeed. This methodology relies on detection, response and recovery capabilities to minimize damage after a breach has already occurred, but it does not remove the possibility of successful attacks. Good news? Finally, there is a solution that represents a…


January 23, 2025Ravi LakshmananMalware / Threat Intelligence Cyber ​​security researchers have opened details of a new BackConnect (BC) malware developed by threat actors associated with the infamous QakBot bootloader. “BackConnect is a common feature or module used by threat actors to maintain persistence and accomplish tasks,” Walmart’s Cyber ​​Intelligence team told The Hacker News. “BackConnect used were “DarkVNC” next to IcedID BackConnect (Keyhole).” The company noted that the BC module was found in the same infrastructure distributed by another malware loader called ZLoader, which was recently updated to enable a Domain Name System (DNS) tunnel for command and control (C2)…


January 23, 2025Ravi LakshmananNetwork Security / Vulnerability Cisco has released software updates to address a critical security flaw affecting meeting management that could allow an authenticated remote attacker to gain administrative privileges in sensitive cases. The vulnerability, tracked as CVE-2025-20156, has a CVSS score of 9.9 out of 10.0. This has been described as a privilege escalation flaw in the Cisco Meeting Management REST API. “This vulnerability exists because proper authorization is not performed for REST API users,” the company said said in consultation on Wednesday. “An attacker could exploit this vulnerability by sending API requests to a specific endpoint.”…


January 23, 2025Ravi LakshmananCloud Security / Cryptojacking Google on Wednesday shed light on a financially motivated threat actor by name TRIPLE POWER for opportunistically targeting cloud environments for cryptojacking and local ransomware attacks. “This actor engaged in a variety of threats, including cryptocurrency mining operations on compromised cloud resources and ransomware,” the tech giant’s cloud division said in a statement. 11th Threat Horizons Report. TRIPLESTRENGTH engages in a trio of malicious attacks including illegal cryptocurrency mining, ransomware and extortion, and advertising access to various cloud platforms including Google Cloud, Amazon Web Services, Microsoft Azure, Linode, OVHCloud and Digital Ocean to…


January 22, 2025Ravi LakshmananCyber ​​Security / National Security The new Trump administration has ended all memberships on advisory committees under the Department of Homeland Security (DHS). “Consistent with the commitment of the Department of Homeland Security (DHS) to eliminate misuse of resources and to ensure that DHS activities prioritize our national security, I am issuing an executive order terminating all current memberships on advisory committees within DHS, effective immediately.” a. Benjamin S. Huffman said in a note dated Jan. 20, 2025. “The committee’s future work will be focused solely on advancing our critical mission of protecting the homeland and supporting…


Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to conduct distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details of the flaw have been withheld to prevent further abuse. Some of the other flaws weaponized by the DDoS botnet include CVE-2013-3307, CVE-2016-20016, CVE-2017-5259, CVE-2018-14558, CVE-2020-25499, CVE-2020-8515, CVE-2022-3573, CVE-2022-40005, CVE-2022-44149 and CVE-2023-28771, as well as those affecting AVTECH IP cameras, LILIN video recorders and Shenzhen TVT devices. “The AIRASHI operator posted…


January 22, 2025Ravi LakshmananDark Web / Cryptocurrency US President Donald Trump on Tuesday announced a “full and unconditional pardon” for Ross Ulbricht, the creator of the notorious Silk Road drug market, after he spent 11 years behind bars. “I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement that has so strongly supported me, I have just been pleased to sign a full and unconditional pardon for her son Ross,” Trump said in a message shared on Truth Social. “The scum who tried to convict him were some…


January 22, 2025Hacker newsRisk Assessment / Browser Security As GenAI tools and SaaS platforms become a staple in the employee toolbox, the risks associated with data exposure, identity vulnerabilities, and uncontrolled browsing have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they don’t always know which risks to prioritize. In some cases, they may have blind spots in the existence of risks. A new one to help additional risk assessment now available. The assessment will be customized for each organization’s viewing environment, assessing their risks and providing actionable information. Security and IT…


A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. “The attackers replaced the legitimate installer with one that also deployed the group’s signature implant, which we have named SlowStepper, a feature-rich backdoor with a toolkit of more than 30 components,” ESET researcher Facundo Muñoz said in a technical report shared with The Hacker News. PlushDaemon is assessed to be a China-nexus group that has been operational since at least 2019 and targets individuals…


January 22, 2025Ravi LakshmananVulnerability / Enterprise Security Oracle encourages customers to apply it Critical January 2025 patch update (CPU) to address 318 new security vulnerabilities covering its products and services. The most serious of the flaws is a flaw in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS Score: 9.9) that could allow an attacker to seize control of sensitive instances. “Easily exploitable vulnerability allows low-privileged attackers with network access via HTTP to compromise the Oracle Agile PLM Framework,” it said description security holes in the NIST National Vulnerability Database (NVD). It should be noted that Oracle warned…
