Author: Admin
January 17, 2025 | Ravi Lakshmanan | Web Security / Botnet

Cybersecurity researchers have uncovered a new campaign targeting web servers running PHP-based applications to promote gambling platforms in Indonesia. “The past two months have seen a significant number of attacks by Python-based bots, suggesting a coordinated effort to exploit thousands of web applications,” Imperva researcher Daniel Johnston said in an analysis. “These attacks appear to be related to the proliferation of gambling-related sites, potentially in response to increased government control.” The Thales-owned company said it discovered millions of requests originating from a Python client containing a command to install GSocket (aka Global Socket),…
The US has imposed sanctions on a North Korean network of IT workers who support WMD programs

January 17, 2025 | Ravi Lakshmanan | Insider Threat / Cryptocurrency

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and four entities for their alleged involvement in illegal revenue-generating schemes for the Democratic People’s Republic of Korea (DPRK), which sends IT workers around the world to obtain employment and serve as a constant source of income for the regime, in violation of international sanctions. “These IT workers hide their identities and locations to fraudulently obtain freelance work contracts from clients around the world for IT projects such as software and mobile application development,” the Treasury Department said.…
A European privacy group is suing TikTok and AliExpress for illegally transferring data to China

Austrian non-profit privacy organization None of Your Business (noyb) has filed complaints accusing companies including TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi of violating European Union data protection rules by illegally transferring user data to China. The advocacy group is seeking an immediate halt to such transfers, saying the companies in question cannot protect user data from potential access by the Chinese government. Complaints have been filed in Austria, Belgium, Greece, Italy and the Netherlands. “Given that China is an authoritarian surveillance state, it is quite clear that China does not offer the same level of data protection…
Russia’s Star Blizzard shifts tactics, using WhatsApp QR codes to harvest credentials

January 16, 2025 | Ravi Lakshmanan | Spear Phishing / Threat Intelligence

A Russian threat actor known as Star Blizzard has been linked to a new phishing campaign targeting victims’ WhatsApp accounts, marking a shift away from its long-standing tradecraft in a likely attempt to avoid detection. “Star Blizzard’s targets are most often associated with government or diplomacy (both current and former), defense policy or international relations researchers whose work affects Russia, and sources of aid to Ukraine linked to the war with Russia,” Microsoft Threat Intelligence said in a report shared with The Hacker News. Star Blizzard (formerly SEABORGIUM) is a…
January 16, 2025 | Ravi Lakshmanan | Malware / Ransomware

Threat actors have been observed hiding malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer in separate campaigns. “In both campaigns, the attackers hid malicious code in images they uploaded to archive(.)org, a file hosting website, and used the same .NET loader to install the final payloads,” HP Wolf Security said in its Q3 2024 Threat Report shared with The Hacker News. The starting point is a phishing email disguised as invoices and purchase orders to trick recipients into opening malicious attachments, such as Microsoft Excel documents,…
January 16, 2025 | Ravi Lakshmanan | Active Directory / Vulnerability

Cybersecurity researchers have discovered that the Microsoft Active Directory Group Policy designed to disable NT LAN Manager (NTLM) v1 can be bypassed by a simple misconfiguration. “A simple misconfiguration in local applications can override Group Policy, effectively nullifying the Group Policy intended to stop NTLMv1 authentication,” Silverfort researcher Dor Segal said in a report shared with The Hacker News. NTLM is still a widely used mechanism, especially in Windows environments, for authenticating users over a network. The protocol, although not removed due to backwards compatibility requirements, was deprecated as of mid-2024. At…
January 16, 2025 | Ravi Lakshmanan | Vulnerability / Cyber Security

Details have emerged of a now-patched security vulnerability that could bypass the Secure Boot mechanism on Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft’s third-party UEFI certificate “Microsoft Corporation UEFI CA 2011”, according to a new report from ESET shared with The Hacker News. Successful exploitation of the flaw could lead to the execution of untrusted code during system boot, thereby allowing attackers to deploy malicious UEFI bootkits on machines that have Secure Boot enabled, regardless…
January 16, 2025 | The Hacker News | Certificate Management / Compliance

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are getting tougher by the day. Keeping up with it all can feel like you’re trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It’s just not built for today’s fast-paced hybrid environment. You need a solution that can handle the chaos, not add to it. Introducing DigiCert ONE: a platform designed to simplify and automate your entire trust ecosystem. But seeing is believing, right?…
January 16, 2025 | Ravi Lakshmanan | Endpoint Vulnerability / Security

Ivanti has rolled out security updates to address several security vulnerabilities affecting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical vulnerabilities that could lead to information disclosure. All four critical vulnerabilities, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM and involve absolute path traversal flaws that allow a remote, unauthenticated attacker to exfiltrate sensitive information. The flaws are listed below: CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159. The vulnerabilities affect EPM versions up to and including the November 2024 security update, as well as the SU6 November 2022…
January 16, 2025 | Ravi Lakshmanan | Endpoint Security / Ransomware

Cybersecurity researchers have detailed an attack in which a threat actor used a Python-based backdoor to maintain persistent access to compromised endpoints and then used that access to deploy RansomHub ransomware across the target network. According to GuidePoint Security, initial access was facilitated by a JavaScript malware downloader called SocGholish (aka FakeUpdates), which is known to be distributed via campaigns that trick unsuspecting users into downloading fake web browser updates. Such campaigns commonly lure victims using legitimate but compromised websites to which they are redirected from search results using search…