Author: Admin
August 16, 2024 | Ravie Lakshmanan | Cyber Attack / Malware
Chinese-speaking users are being targeted by a malware distribution campaign delivering a malware family known as ValleyRAT. "ValleyRAT is a multi-stage malware that uses various techniques to monitor and control its victims and deploy arbitrary plugins to cause additional damage," Fortinet FortiGuard Labs researchers Eduardo Altarez and Joey Salvio said. "Another noteworthy characteristic of this malware is its heavy use of shellcode to execute many components directly in memory, which significantly reduces its file footprint on the victim's system." Details about the campaign first emerged in June 2024, when Zscaler ThreatLabz detailed attacks using…
August 16, 2024 | Ravie Lakshmanan | Malware / Browser Security
Cybersecurity researchers have discovered a new information-stealing malware specifically designed for Apple's macOS systems. Named Banshee Stealer, it is offered for sale in the cybercriminal underground for a hefty price of $3,000 per month and runs on both x86_64 and ARM64 architectures. "Banshee Stealer targets a wide range of browsers, cryptocurrency wallets and around 100 browser extensions, making it a very versatile and dangerous threat," Elastic Security Labs said in a report on Thursday. Web browsers and crypto wallets targeted by the malware include Google Chrome, Mozilla Firefox, Brave, Microsoft…
August 16, 2024 | Ravie Lakshmanan | Mobile Security / Software Security
A large percentage of Google Pixel devices shipped worldwide since September 2017 included dormant software that could be used to stage malicious attacks and deliver various types of malware. The problem takes the form of a pre-installed Android app called "Showcase.apk" that has excessive system privileges, including the ability to remotely execute code and install arbitrary packages on the device, according to mobile security company iVerify. "The application downloads a configuration file over an unsecured connection and can be manipulated to execute code at the system level," it said in an analysis published jointly with…
August 15, 2024 | Ravie Lakshmanan | Enterprise Security / Vulnerability
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk has been found to be vulnerable to a remote Java deserialization code execution vulnerability that, if exploited, would allow an attacker to execute commands on the host machine," the company said in an advisory. "Although this was reported as an unauthenticated vulnerability, SolarWinds was…
August 15, 2024 | Ravie Lakshmanan | Ransomware / Cybercrime
A cybercriminal group linked to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining other similar programs such as AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility has been named EDRKillShifter by cybersecurity firm Sophos, which discovered the tool in connection with a failed ransomware attack in May 2024. "The EDRKillShifter tool is a 'loader' executable, a delivery mechanism for a legitimate but exploitable driver (also known as a 'bring your own vulnerable driver' or BYOVD tool)," security researcher Andreas Klopsch…
August 15, 2024 | Ravie Lakshmanan | Cyber Attack / Social Engineering
Russian and Belarusian non-profit organizations, Russian independent media and international NGOs operating in Eastern Europe have been targeted by two separate phishing campaigns orchestrated by threat actors whose interests align with those of the Russian government. While one of the campaigns, named River of Phish, has been attributed to COLDRIVER, an adversarial group linked to Russia's Federal Security Service (FSB), the second set of attacks has been assessed to be the work of a previously undocumented threat cluster codenamed COLDWASTREL. According to a joint investigation by Access Now and Citizen Lab, the campaigns also targeted…
August 15, 2024 | The Hacker News | Identity Security / Threat Detection
The emergence of Identity Threat Detection and Response (ITDR) has become a critical component in effectively detecting and responding to identity-based attacks. Threat actors have demonstrated their ability to compromise identity infrastructure and move laterally into IaaS, SaaS, PaaS and CI/CD environments. ITDR solutions help organizations better detect suspicious or malicious activity in their environment, and empower security teams to answer the question "What is happening in my environment right now, and what are my identities doing in it?" Human and…
August 15, 2024 | Ravie Lakshmanan | Cyber Espionage / Data Theft
A previously unknown threat actor has been attributed to a series of attacks on Azerbaijan and Israel aimed at stealing sensitive data. The attack campaign, discovered by NSFOCUS on July 1, 2024, used phishing emails to target Azerbaijani and Israeli diplomats. The activity is tracked under the moniker Actor240524. "Actor240524 has the ability to steal secrets and modify file data, using a variety of countermeasures to avoid over-exposure of its attack tactics and techniques," the cybersecurity company said in an analysis published last week. Attack chains begin with phishing emails containing Microsoft Word documents that,…
August 15, 2024 | Ravie Lakshmanan | Cloud Security / DevOps
A newly discovered attack vector in GitHub Actions artifacts, dubbed ArtiPACKED, could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can cause artifacts to leak tokens, both of third-party cloud services and GitHub tokens, making them available for use by anyone with read access to the repository," Yaron Avital, a Unit 42 researcher at Palo Alto Networks, said in a report released this week. "This allows attackers with access to these artifacts to potentially compromise the services these secrets grant access to." The…
August 15, 2024 | Ravie Lakshmanan | Network Security / Cybercrime
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that targets machines with weak SSH passwords, with the ultimate goal of mining cryptocurrency on compromised instances using their GPU processing power. This suggests that "the IoT botnet is targeting more robust servers running in cloud-native environments," Aqua Security researcher Assaf Morag said in an analysis on Wednesday. Gafgyt (aka BASHLITE, Lizkebab and Torlus), known to be active in the wild since 2014, has a history of exploiting weak or default credentials to gain control over devices such as routers, cameras and digital video recorders (DVRs). It is…