Author: Admin
January 23, 2025Ravi LakshmananMalware / Enterprise Security Juniper Networks’ enterprise-class routers have been targeted by a custom backdoor in a campaign called J-magic. According to the Black Lotus Labs team at Lumen Technologies, this activity got its name because the backdoor continuously tracks the “magic packet” sent by the threat in TCP traffic. “J-magic is reporting a rare case of malware specifically designed for JunoOS, which serves a similar market but relies on a different operating system, a variant of FreeBSD,” the company said in a statement. said in a report shared with The Hacker News. Data collected by the…
January 23, 2025Ravi LakshmananPhishing / Malware Cybersecurity researchers are turning their attention to a new malware campaign that uses fake CAPTCHA checks to deliver the infamous Lamma information stealer. “The campaign is global, and Netskope Threat Labs is tracking victims in Argentina, Colombia, the United States, the Philippines, and other countries around the world,” said the report shared with The Hacker News. “The campaign also spans multiple industries, including healthcare, banking and marketing, with the telecommunications industry having the largest number of targeted organizations.” The attack chain begins when the victim visits a compromised website that directs them to a…
January 23, 2025Ravi LakshmananFirmware Security / Vulnerability A comprehensive evaluation of three firewall models from Palo Alto Networks found numerous known security flaws affecting the devices’ firmware as well as misconfigured security features. “These were not obscure vulnerabilities in the corner,” security vendor Eclypsium said in a report shared with The Hacker News. “Instead, these were very well-known issues that we didn’t expect to see even on a consumer-grade laptop. These issues could allow attackers to bypass even the most basic integrity protections, such as Secure Boot, and modify the device’s firmware if used.” The company said it analyzed three…
Are your websites leaking sensitive data? New research shows that 45% of third-party apps gain access to user information without proper permission, and 53% of retail risks are linked to overuse of tracking tools. Learn how to identify and mitigate these hidden threats and risks — download the full report here. New research web exposure management specialist Reflectiz reveals some alarming findings about the large number of website vulnerabilities that organizations across many industries are needlessly exposed to. For example, one great statistic from the report is this 45% of third-party applications access sensitive user information without a valid reason.…
January 23, 2025Ravi LakshmananThreat Intelligence / Data Breach Analysis of the HellCat and Morpheus ransomware operations revealed that affiliates associated with the respective cybercrime actors use identical code for their ransomware. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same author in late December 2024. “These two payload samples are identical except for the victim’s specific details and the attacker’s contact details,” security researcher Jim Walter said in a new report shared with The Hacker News. Both HellCat and Morpheus are new entrants to the ransomware ecosystem, appearing in October and…
January 23, 2025Ravi LakshmananVulnerability / Network Security SonicWall is warning customers about a critical security flaw affecting its 1000 Series Secure Mobile Access (SMA) appliances, which it says have likely been used in the wild as a zero-day. Vulnerability, tracked as CVE-2025-23006rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. “A pre-authentication untrusted data deserialization vulnerability has been discovered in the SMA1000 Device Management Console (AMC) and Central Management Console (CMC), which under certain conditions could potentially allow a remote, unauthenticated attacker to execute arbitrary OS commands,” the company said in a statement. said in the…
Despite significant investment in advanced technology and employee training programs, credential- and user-based attacks remain highly prevalent, accounting for 50-80% of enterprise breaches(1),(2). While identity-based attacks continue to dominate as the primary cause of security incidents, the general approach to identity security threats is still threat mitigation, implementing layers of controls to reduce risk, while recognizing that some attacks will be successful. This methodology relies on detection, response and recovery capabilities to minimize damage after a breach has already occurred, but it does not prevent the possibility of successful attacks. Good news? Finally, there is a solution that represents a…
January 23, 2025Ravi LakshmananMalware / Threat Intelligence Cyber security researchers have opened details of a new BackConnect (BC) malware developed by threat actors associated with the infamous QakBot bootloader. “BackConnect is a common feature or module used by threat actors to maintain persistence and accomplish tasks,” Walmart’s Cyber Intelligence team told The Hacker News. “BackConnect used were “DarkVNC” next to IcedID BackConnect (Keyhole).” The company noted that the BC module was found in the same infrastructure distributed by another malware loader called ZLoader, which was recently updated to enable a Domain Name System (DNS) tunnel for command and control (C2)…
January 23, 2025Ravi LakshmananNetwork Security / Vulnerability Cisco has released software updates to address a critical security flaw affecting meeting management that could allow an authenticated remote attacker to gain administrative privileges in sensitive cases. The vulnerability, tracked as CVE-2025-20156, has a CVSS score of 9.9 out of 10.0. This has been described as a privilege escalation flaw in the Cisco Meeting Management REST API. “This vulnerability exists because proper authorization is not performed for REST API users,” the company said said in consultation on Wednesday. “An attacker could exploit this vulnerability by sending API requests to a specific endpoint.”…
January 23, 2025Ravi LakshmananCloud Security / Cryptojacking Google on Wednesday shed light on a financially motivated threat actor by name TRIPLE POWER for opportunistically targeting cloud environments for cryptojacking and local ransomware attacks. “This actor engaged in a variety of threats, including cryptocurrency mining operations on compromised cloud resources and ransomware,” the tech giant’s cloud division said in a statement. 11th Threat Horizons Report. TRIPLESTRENGTH engages in a trio of malicious attacks including illegal cryptocurrency mining, ransomware and extortion, and advertising access to various cloud platforms including Google Cloud, Amazon Web Services, Microsoft Azure, Linode, OVHCloud and Digital Ocean to…