Author: Admin

December 5, 2024Ravi LakshmananCyber ​​espionage / malware The China-linked threat known as MirrorFace has been attributed to a new phishing campaign since June 2024, mainly targeting individuals and organizations in Japan. The purpose of the campaign is to spread backdoors known as NOOPDOOR (aka HiddenFace) and SORRY (aka UPPERCOTT), Trend Micro’s technical analysis says. “An interesting aspect of this campaign is the return of a backdoor called ANEL that was used in campaigns targeting Japan APT10 until around 2018 and has not been observed since then,” said security researcher Hara Hiroaki said. It should be noted that MirrorFace also used…

Read More

December 5, 2024Ravi LakshmananVulnerability / Threat Intelligence The US Cybersecurity and Infrastructure Security Agency (CISA) has added multiple security flaws affecting products with Zyxel, North Grid Proself, ProjectSendand Cyber ​​panel to its known vulnerabilities used (KEV) catalog with reference to evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-51378 (CVSS Score: 10.0) – Incorrect default permissions vulnerability that could allow authentication bypass and execution of arbitrary commands using shell metacharacters in the statusfile property CVE-2023-45727 (CVSS Score: 7.5) – Incorrect XML External Entity (XXE) reference restriction that could allow a remote, unauthenticated attacker…

Read More

December 5, 2024Ravi LakshmananCryptocurrency / Financial Crimes Britain’s National Crime Agency (NCA) on Wednesday announced that she led an international investigation to disrupt Russian money-laundering networks found to be facilitating serious and organized crime in the UK, the Middle East, Russia and South America. A code-named effort Operation “Destabilization”.led to the arrest of 84 suspects linked to two Russian-language networks, Smart and TGR. In addition, £20 million ($25.4 million) in cash and cryptocurrency was seized. Both enterprises are located in the Moscow Federation tower, per Telegraphwhich is known act as a center for money laundering firms. Concurrent with the liquidation…

Read More

December 4, 2024Ravi LakshmananCyber ​​espionage / malware The Russian-linked Advanced Persistent Threat Group (APT), known as Tower was linked to a previously undocumented campaign that involved infiltrating the command and control (C2) servers of a Pakistani hacker group called Storm-0156 to conduct its own operations from 2022. The activity, first seen in December 2022, is the latest case of an adversary nation-state “embedding itself” in another group’s malicious operations to further its own goals and cloud attribution efforts, Lumen Technologies’ Black Lotus Labs said. “In December 2022, Secret Blizzard initially gained access to the Storm-0156 C2 server and by mid-2023…

Read More

Are you using the cloud or thinking about switching? There is no doubt that multi-cloud and hybrid environments offer many benefits to organizations. However, the flexibility, scalability and efficiency of the cloud come with a significant risk: an expanded attack surface. The decentralization that comes with multi-cloud environments can also lead to limited visibility into user activity and poor access management. Privileged accounts with access to critical systems and sensitive data are among the most vulnerable elements of a cloud deployment. If mismanaged, these accounts open the door to unauthorized access, potential malicious activity, and data leakage. This…

Read More

Europol on Tuesday announced the takedown of an invitation-only encrypted messaging service called MATRIX, created by criminals for criminal purposes. The joint operation, carried out by French and Dutch authorities under the codename Passionflower, follows an investigation launched in 2021 after the messaging service was discovered on the phone of a criminal convicted of murdering the Dutch journalist Peter R. de Vries. This allowed authorities to intercept messages sent through the service for three months, accumulating a total of more than 2.3 million messages in 33 languages. According to Europol, these messages relate to serious crimes such as international drug trafficking,…

Read More

Many organizations struggle with password policies that look strong on paper but don't work in practice because they are too rigid to follow, too vague to enforce, or out of touch with actual security needs. Some are so tedious and complicated that employees write passwords on sticky notes under keyboards, monitors, or in desk drawers. Others set rules so loose that they might as well not exist. And many simply copy generic standards that don't address their specific security concerns. Creating a password policy that protects your organization in the real world requires a careful balance: it must be strict…

Read More

December 4, 2024Ravi LakshmananAn attack on the supply chain Cybersecurity researchers warn of attack on software supply chains targeting popular @solana/web3.js npm library, which included the promotion of two malicious versions capable of harvesting users’ private keys in order to drain their cryptocurrency wallets. The attack was discovered in versions 1.95.6 and 1.95.7. Both of these versions are no longer available for download from the npm registry. The package is widely used, attracting more than 400,000 downloads every week. “These compromised versions contain embedded malware that is designed to steal private keys from unsuspecting developers and users, potentially allowing attackers…

Read More

December 4, 2024Ravi LakshmananEmail Security / Malware Cybersecurity researchers have turned their attention to a new phishing campaign that uses corrupted Microsoft Office documents and ZIP archives as a way to bypass email protection. “Ongoing attack evades antivirus software, prevents sandboxing and bypasses Outlook’s spam filters, allowing malicious emails to reach your inbox”, ANY.RUN said in a series of posts on X. Malicious activity involves sending emails containing ZIP archives or Office attachments that are intentionally corrupted in a way that cannot be scanned by security tools. These messages are designed to trick users into opening attachments with false promises…

Read More

December 4, 2024Ravi LakshmananSoftware Vulnerability / Security A critical security vulnerability has been discovered in SailPoint Identity IQ identity and access management (IAM) software that allows unauthorized access to content stored in an application directory. Drawback tracked as CVE-2024-10905has a CVSS score of 10.0, indicating maximum severity. This affects IdentityIQ version 8.2. 8.3, 8.4 and other previous versions. IdentityIQ “allows HTTP access to static content in the IdentityIQ application directory that must be secured,” according to description flaw in NIST’s National Vulnerability Database (NVD). The vulnerability was described as an instance of incorrect handling of file names that identify virtual…

Read More