Author: Admin

November 30, 2024Mohit KumarRansomware / Cybercrime A Russian cybercriminal wanted in the US in connection with the LockBit and Hive ransomware operations has been arrested by the country’s law enforcement agencies. According to A news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev was accused of developing malware designed to encrypt files and demand a ransom in exchange for a decryption key. “Currently, the investigators have collected enough evidence, the criminal case with the indictment signed by the prosecutor has been sent to the court of the Central District of the city of Kaliningrad for review on the…


November 29, 2024Ravi LakshmananMisinformation / Artificial Intelligence The Moscow-based campaign, hit by US sanctions earlier this year, has been linked to another influence-peddling operation designed to turn public opinion against Ukraine and undermine Western support from at least December 2023. The covert campaign, carried out by the Social Design Agency (SDA), uses artificial intelligence (AI)-enhanced videos and fake websites impersonating authoritative news sources to target audiences in Ukraine, Europe and the US. She got a name Operation Undercut. by Insikt Group Recorded Future. “This operation is in tandem with other companies such as Doubledesigned to discredit Ukraine’s leadership, question the…


November 29, 2024Ravi LakshmananAI Security / Cloud Security Microsoft has fixed four security flaws affecting its artificial intelligence (AI), cloud, enterprise resource planning and partner center offerings, including one it said was being exploited in the wild. A vulnerability marked “Exploitation Discovered” is present CVE-2024-49035 (CVSS score: 8.7), an elevation of privilege flaw at partner.microsoft(.)com. “An improper access control vulnerability in partner.microsoft(.)com could allow an unauthenticated attacker to elevate network privileges,” the tech giant said in an advisory released this week. Microsoft credited Gautam Perry, Apoorva Wadhwa and an anonymous researcher for reporting the flaw, but did not reveal any…


November 29, 2024Ravi LakshmananCybercrime / Cloud Security Cyber ​​security researchers warn of malicious email campaigns that use phishing as a service (PhaaS) a set of tools named Rockstar 2FA to steal Microsoft 365 credentials. “This campaign uses an AitM (adversary-in-the-middle) attack that allows attackers to intercept user credentials and session cookies, meaning that even users with multi-factor authentication (MFA) enabled can still be vulnerable,” — Diane, Trustwave Researcher. Solomon and John Kevin Adriano said. Rockstar 2FA is rated as an updated version DadSec (aka Phoenix) phishing kit. Microsoft tracks the developers and distributors of the Dadsec PhaaS platform under an…


November 29, 2024Ravi LakshmananCorporate Espionage / National Security A 59-year-old US citizen who immigrated from the People’s Republic of China (PRC) was awarded up to four years in prison for conspiring to spy for the country and passing confidential information about his employer to China’s top civilian intelligence service. Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a liaison to the Ministry of State Security (MSS) as recently as August 2012, working on their behalf to obtain information of interest to the Chinese government. Lee worked at telecommunications giant Verizon and later at information technology…


November 28, 2024Ravi LakshmananIoT Security / Vulnerability Nearly two dozen security vulnerabilities have been discovered in Advantech EKI industrial-grade wireless devices, some of which could be weapons for bypassing authentication and executing code with elevated privileges. “These vulnerabilities pose a significant risk by allowing unauthenticated remote code execution with root privileges, thereby completely compromising the privacy, integrity, and availability of affected devices,” said cybersecurity firm Nozomi Networks. said in the analysis on Wednesday. After responsible disclosure, the vulnerabilities were fixed in the following firmware versions: 1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD) 1.2.2 (for EKI-6333AC-1GPO) Six of the 20 vulnerabilities identified were…


November 28, 2024Ravi LakshmananSoftware security / data breach Cybersecurity researchers discovered a software supply chain attack that remained active for more than a year in the npm package registry, starting with an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency from infected systems. Package, no @0xengine/xmlrpcwas originally published on October 2, 2023. as a JavaScript-based XML-RPC server and client for Node.js. To date, it has been downloaded 1790 times and remains available for download from the repository. Checkmarxwho discovered the package said that the malicious code was strategically injected into version 1.3.4 every other…


November 28, 2024Hacker newsCloud Security / Threat Detection Serverless environments using services like AWS Lambda offer incredible benefits in terms of scalability, efficiency, and reduced operational costs. However, securing these environments is extremely difficult. The core of modern serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here’s the problem with that: 1. Logs tell only part of the story Logs can track external activity, but they do not provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function…


November 28, 2024Ravi LakshmananWindows Security / Cryptomining A popular open source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting more than 17,000 systems since at least June 2024. “Cybercriminals used the Godot Engine to execute crafted GDScript code that runs malicious commands and delivers malware,” Check Point reported. said in a new analysis published Wednesday. “The method remains undetected by almost all antivirus engines on VirusTotal.” It’s no surprise that threat actors are constantly looking for new tools and techniques that can help them deliver malware, bypassing security detection, even as…


November 28, 2024Ravi LakshmananNetwork Security / Cyber ​​Espionage US telecommunications service provider T-Mobile said it had recently discovered attempts by attackers to infiltrate its systems in recent weeks, but noted that no sensitive data had been accessed. Those intrusion attempts “came from an ISP’s ISP network that was connected to ours,” said Jeff Simon, T-Mobile’s chief security officer. said in the statement. “We don’t see any previous attempts like this.” Additionally, the company said its security measures prevented threat actors from disrupting its services or obtaining customer information. He has since confirmed that he has disconnected from the unnamed provider’s…
