Author: Admin
September 11, 2024 | Ravi Lakshmanan | Network Security / Hacking — The operators of the mysterious Quad7 botnet thrive by hacking several brands of SOHO routers and VPN devices using a combination of known and unknown security flaws. According to a new report from French cybersecurity company Sekoia, devices from TP-LINK, Zyxel, Asus, Axentra, D-Link and NETGEAR are the targets. “Quad7 botnet operators appear to be evolving their toolkit by introducing new backdoors and exploring new protocols to improve stealth and evade the tracking capabilities of their Operational Relay Blocks (ORBs),” researchers Felix Hame, Pierre-Antoine D., and Charles M. said. Quad7, also…
A “Simplified Chinese-speaking actor” has been linked to a new campaign targeting several countries in Asia and Europe with the ultimate goal of search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with a victimological trail scattered across Thailand, India, Korea, Belgium, the Netherlands and China. “DragonRank exploits the target’s web application services to deploy a web shell and uses it to collect system information and launch malware such as PlugX and BadIIS, which work with various credential harvesting utilities,” security researcher Joey Chen said. The attacks led to…
September 11, 2024 | Ravi Lakshmanan | Cybercrime / Hacking — The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean for their alleged involvement in illegal cyber activities in the country. The arrests followed a series of simultaneous raids by a group of about 160 law enforcement officers at several locations on September 9, 2024. The six men, aged between 32 and 42, are suspected of being linked to a “global syndicate” that conducts malicious cyber activities. Electronic devices and cash were confiscated during the operation. Those arrested include a 42-year-old Chinese national from Bidadari Park Drive, who…
Imagine a world where you never have to remember another password. Sounds like a dream come true for both end users and IT teams, right? But as the old saying goes, “If it sounds too good to be true, it probably is.” If your organization is like many others, you may be planning to switch to passwordless authentication. The reality, however, is that the passwordless security approach has its own merits and drawbacks…
September 11, 2024 | Ravi Lakshmanan | Malware / Software Development — Cybersecurity researchers have discovered a new set of malicious Python packages targeting software developers under the guise of coding assessments. “The new samples were tracked in GitHub projects that were linked to previous targeted attacks in which developers are lured with fake interviews,” ReversingLabs researcher Carlo Zanchi said. The activity has been assessed to be part of an ongoing campaign called VMConnect that first came to light in August 2023. There is evidence that it is the handiwork of the North Korea-backed Lazarus Group. The use of interviewing…
September 11, 2024 | Ravi Lakshmanan | Enterprise Security / Vulnerability — Ivanti has released software updates to address multiple security flaws affecting Endpoint Manager (EPM), including 10 critical vulnerabilities that could lead to remote code execution. A brief description of the problems is as follows: CVE-2024-29847 (CVSS Score: 10.0) – Untrusted data deserialization vulnerability that allows a remote, unauthenticated attacker to achieve code execution. CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, and CVE-2024-34785 (CVSS Score: 9.1) – Multiple unspecified SQL injection vulnerabilities that allow an attacker with authenticated administrator privileges to achieve remote code execution. The vulnerabilities affect EPM versions 2024 and 2022…
Microsoft releases patches for 79 vulnerabilities, including 3 actively exploited Windows vulnerabilities
September 11, 2024 | Ravi Lakshmanan | Windows Security / Vulnerabilities — Microsoft on Tuesday disclosed that three new security vulnerabilities affecting the Windows platform have been actively exploited, as part of its September 2024 Patch Tuesday update. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated critical, 71 are important, and one is rated moderate. This is in addition to 26 flaws the tech giant has addressed in its Chromium-based Edge browser since last month’s Patch Tuesday release. The three vulnerabilities that have been exploited in a malicious context are listed below, along with a bug that Microsoft considers an…
A threat actor known as CosmicBeetle has debuted a new custom ransomware called ScRansom in attacks targeting small and medium-sized businesses (SMBs) in Europe, Asia, Africa and South America, and is believed to be operating as an affiliate of RansomHub. “CosmicBeetle has replaced its previously deployed Scarab ransomware with ScRansom, which is constantly being improved,” ESET researcher Jakub Soucek said in a new analysis published today. “Without being first-rate, a threat actor can compromise targets of interest.” The targets of ScRansom attacks span the manufacturing, pharmaceutical, legal, education, healthcare, technology, hospitality, leisure, financial services and regional government sectors. CosmicBeetle is…
A newly detailed side channel attack dubbed PIXHEL can be abused to target air-gapped computers, breaking the “sound gap” and stealing sensitive information by taking advantage of the noise created by the pixels on the screen. “Malware in air-gapped and audio-gapped computers creates engineered pixel patterns that produce noise in the 0-22kHz frequency range,” Dr. Mordechai Guri, head of the Offensive Cyber Research Laboratory at the Department of Software Development and Information Systems at Ben-Gurion University of the Negev in Israel, said in a newly published paper. “The malicious code uses the sound created by the coils and capacitors to control the frequencies…
September 10, 2024 | Ravi Lakshmanan | Malware / Cyber Espionage — Three China-linked threat clusters have been seen compromising more government organizations in Southeast Asia in a renewed state-sponsored operation code-named Raspberry Palace, which indicates an expansion of the espionage activity. Cybersecurity firm Sophos, which is tracking the cyberattack, said it consisted of three sets of intrusions, tracked as Cluster Alpha (STAC1248), Cluster Bravo (STAC1870) and Cluster Charlie (STAC1305). STAC is an acronym for “security threat activity cluster”. “Attackers consistently used other compromised organizational and public networks in this region to deliver malware and tools under the guise of a trusted access point,” security researchers Mark Parsons,…