Author: Admin
January 13, 2025Ravi LakshmananVulnerability / Cloud Security A critical security flaw has recently been discovered that affects the Aviatrix controller the cloud network platform is being actively exploited in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it is currently responding to “several incidents” involving weapons CVE-2024-50603 (CVSS Score: 10.0), a maximum severity bug that could lead to unauthenticated remote code execution. In other words, successful exploitation of the flaw could allow an attacker to execute malicious operating system commands due to certain API endpoints not properly sanitizing user input. The vulnerability was fixed in…
January 13, 2025Hacker newsThreat detection / network security In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, and the average ransom demand skyrocketed to $5 million. With approximately 8,000 ESXi hosts exposed to direct Internet access (according to Shodan), the operational and business impact of these attacks is profound. Most of the ransomware currently attacking ESXi servers are variants of the infamous Babuk ransomware, designed to evade detection by security tools. Moreover, availability is becoming more widespread as attackers monetize their entry points by selling Initial Access to other threat actors, including ransomware groups. As organizations face complex…
January 13, 2025Ravi LakshmananMalware / Domain Security At least 4,000 unique web backdoors previously deployed by various threat actors were captured by taking control of abandoned and outdated infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it completed the operation, registering more than 40 domain names that the backdoors were designed to use for command and control purposes (C2). In partnership with the Shadowserver Foundation, the domains involved in the study were processed. “We hijacked backdoors (that depended on now-abandoned infrastructure and/or expired domains) that existed inside backdoors themselves, and have watched the results flow…
Cyber security researchers are warning about the emergence of a new stealth credit card skimmer company which targets WordPress e-commerce pages by inserting malicious JavaScript code into a database table linked to the content management system (CMS). “This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database records to steal sensitive payment details,” Sucuri researcher Pooja Srivastava said in a new analysis. “The malware is activated specifically on checkout pages, either by hijacking existing payment fields or by entering a fake credit card form.” Website security company owned by GoDaddy says it has discovered malware embedded…
January 11, 2025Ravi LakshmananAI Security / Cyber Security Microsoft has shown that it is pursuing legal action against a “foreign threat group” for operating a hacking-as-a-service infrastructure to deliberately bypass security controls on its generative artificial intelligence (AI) services and create offensive and harmful content. The tech giant’s digital crime unit (DCU) said it observed threat actors “developing sophisticated software that uses exposed customer credentials taken from public websites” and “trying to identify and illegally access accounts with certain generative artificial intelligence services and intentionally alter the capabilities of those services.” Adversaries then used these services, such as Azure OpenAI…
January 11, 2025Ravi LakshmananFinancial Crime / Cryptocurrency The US Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in running cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Aleynik were arrested on December 1, 2024 in coordination with the Financial Intelligence and Investigation Service of the Netherlands, the National Bureau of Investigation of Finland and the Federal Bureau of Investigation (FBI) of the United States. It is not known where they were detained. The third person, Anton Vyachalavovich Tarasov, is still at large. The defendants are accused of operating cryptocurrency mixers…
January 10, 2025Ravi LakshmananCrypto mining / malware Cybersecurity firm CrowdStrike is warning of a phishing campaign using its own brand to distribute a cryptocurrency miner disguised as an employee CRM application as part of an alleged recruitment process. “The attack begins with a phishing email that mimics CrowdStrike recruitment, directing recipients to a malicious website,” the company said in a statement. said. “Victims are encouraged to download and run a fake application that serves as a bootloader for the XMRig cryptominer.” The Texas-based company said it discovered the malicious campaign on January 7, 2025, and that it was “aware of…
January 10, 2025Ravi LakshmananCyber espionage / Cyber attack Mongolia, Taiwan, Myanmar, Vietnam and Cambodia have been targeted by China-linked RedDelta threat to deliver a customized version of the PlugX backdoor between July 2023. until December 2024. “The group used eye-catching documents on Taiwan’s 2024 presidential candidate Terry Gou, Vietnam’s national holidays, flood protection in Mongolia and invitations to meetings, including the Association of Southeast Asian Nations (ASEAN) meeting,” Insikt Group Recorded Future said in a new analysis. The threat actor is believed to have compromised the Ministry of Defense of Mongolia in August 2024. and the Communist Party of Vietnam…
January 10, 2025Ravi LakshmananArtificial Intelligence / Cybercrime Cyber security researchers shed light on nascent family of artificial intelligence (AI) ransomware FunkSec which originated in late 2024 and has claimed more than 85 lives to date. “The group uses a two-pronged extortion tactic, combining data theft with encryption to force victims to pay the ransom,” Check Point Research notes. said in a new report shared with The Hacker News. “Notably, FunkSec demanded unusually low ransoms, sometimes as low as $10,000, and sold the stolen data to third parties at discounted prices.” FunkSec launched its Data Leakage Site (DLS) in December 2024…
Cybersecurity reporting is an important but often overlooked capability for service providers who manage cybersecurity for their customers, and in particular for virtual chief information security officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it’s often bogged down with technical jargon, complex data, and disjointed spreadsheets that don’t resonate with decision makers. The result? Clients who struggle to understand the value of your work and remain insecure about their safety. But what if reporting could be turned into a strategic tool for aligning cybersecurity with business goals? What if your reports empowered customers, built trust,…