Author: Admin
November 27, 2024Ravi LakshmananSoftware Vulnerability / Security A critical security flaw affecting the open-source file-sharing program ProjectSend is likely to be actively exploited in the wild, according to findings by VulnCheck. The vulnerability, originally patched over a year and a half ago as part of a to commit released in May 2023, not officially available until August 2024. along with Release of version r1720. As of November 26, 2024, it has been assigned a CVE ID CVE-2024-11680 (CVSS Score: 9.8). Synacktiv, which reported the flaw to project developers in January 2023, described it as an improper authorization check that would…
Multi-stage cyber attacks, characterized by complex execution chains, are designed to avoid detection and give victims a false sense of security. Knowing how they work is the first step to building a solid defense strategy against them. Let’s look at real-world examples of some of the most common multi-stage attack scenarios in action right now. URLs and other embedded content in documents Attackers often hide malicious links in seemingly legitimate documents, such as PDF or Word files. After opening the document and clicking on the embedded link, users are directed to a malicious website. These sites often use trickery tactics…
November 27, 2024Ravi LakshmananLinux / Malware Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI). butkit intended for Linux systems. Duplicated Butkitty by its creators, who go by the name BlackCat, the butkit is rated as a proof of concept (PoC) and there is no evidence that it has been used in actual attacks. Also tracked as IranuKitit was loaded to the VirusTotal platform on November 5, 2024. “The main purpose of the bootkit is to disable the kernel signature verification feature and preload two as-yet-unknown ELF binaries through the Linux…
November 27, 2024Ravi LakshmananMalware / cyber espionage A threat actor known as APT-C-60 was linked to a cyberattack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. This follows JPCERT/CC findings, which say the intrusion used legitimate services such as Google Drive, Bitbucket and StatCounter. The attack was carried out around August 2024. “In this attack, an email purporting to be from a potential employee was sent to a recruiting contact, infecting the contact with malware,” the agency reported. said. APT-C-60 is an alias appointed a cyberespionage group known to target East…
November 27, 2024Ravi LakshmananCyber Crime / Financial Fraud The Interpol-led operation resulted in the arrest of 1,006 suspects in 19 African countries and the destruction of 134,089 malicious infrastructures and networks as part of a coordinated effort to end cybercrime on the continent. Duplicated Serengetilaw enforcement exercises were held from September 2 to October 31, 2024. and were targeted at criminals behind ransomware, business email breaching (BEC), digital extortion and online fraud. Algeria, Angola, Benin, Cameroon, Ivory Coast, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe participated in the…
November 27, 2024Ravi LakshmananIoT Security / Network Security A threat actor called Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that exploits vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. “This operation serves as an end-to-end package for scanning, exploiting vulnerabilities, deploying malware, and configuring shop kits, demonstrating a self-contained approach to cyber attacks,” Assaf Morag, director of threat intelligence at Cloud Security. Aqua company said. There is evidence that the operation is the work of a lone wolf actor, a screenwriter of Russian origin. The attacks mainly targeted…
A China-linked threat actor known as Earth Estries has been spotted using a previously undocumented backdoor called GHOSTSPIDER as part of attacks on Southeast Asian telecommunications companies. Trend Micro which described hacker group Aggressive Advanced Persistent Threat (APT), said the intrusions also involved the use of another cross-platform backdoor called MASOL RAT (aka Backdr-NQ) on Linux systems belonging to Southeast Asian government networks. In total, Earth Estries is estimated to have successfully compromised more than 20 organizations spanning the telecommunications, technology, consulting, chemical and transportation industries, government agencies, and the non-profit organization (NGO) sector. Victims have been identified in more…
November 26, 2024Ravi LakshmananWebsite Vulnerability / Security Two critical security flaws affecting spam protection, the anti-spam plugin, and the WordPress firewall could allow unauthenticated attackers to install and enable malicious plugins on sensitive sites and potentially achieve remote code execution. Vulnerabilities tracked as CVE-2024-10542 and CVE-2024-10781have a CVSS score of 9.8 out of a maximum of 10.0. These were addressed in versions 6.44 and 6.45 released this month. Installed on over 200,000 WordPress sites, CleanTalk Spam Protection, Anti-Spam and FireWall Plugin is advertised as an “all-in-one anti-spam plugin” that blocks spam comments, signups, surveys, and more. According to Wordfence, both…
November 26, 2024Hacker newsPentest / Vulnerability Assessment When CVEs go viral, separating critical vulnerabilities from the noise is critical to protecting your organization. That’s why we built Intruder, the leader in attack surface management Intel – a free vulnerability intelligence platform designed to help you act quickly and prioritize real threats. What is Intel? Intel was created to fill the gap in resources available to track new vulnerabilities. When one of Intruder’s core tools shut down last year, the team set out to create a solution that would not only meet their needs, but also benefit the broader information sector.…
November 26, 2024Ravi LakshmananVulnerability / Cybercrime Russian threat actor known as RomCom was linked to the exploitation of two zero-day security flaws, one in Mozilla Firefox and the other in Microsoft Windows, in attacks aimed at delivering a backdoor of the same name to victim systems. “In a successful attack, when the victim views a web page containing the exploit, the adversary can run arbitrary code – without the need for user interaction (zero click) – which in this case resulted in the RomCom backdoor being installed on the victim’s computer,” it said ESET messages the report shared with The…