Author: Admin

Cybersecurity researchers have discovered a new surveillance program believed to be used by police departments in China as a legitimate interception tool to collect a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been around since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform only on September 25, 2024. “The surveillance software consists of two parts: an APK installer and a surveillance client that runs headless on the device after installation,” Kristina Balaam, Lookout’s senior threat intelligence officer, said in a technical report shared with The Hacker News. “EagleMsgSpy collects…

December 11, 2024Hacker newsSaaS Security / Endpoint Security In today’s highly distributed workplace, every employee has the ability to act as their own CIO, implementing new cloud and SaaS technologies whenever and wherever they want. While this has been a critical boon for productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only all-in-one solution SaaS management in one solution: Opening: Gain visibility into your complete SaaS footprint, including GenAI apps, free tools, tenant duplicates, deprecated apps, and more, all on day one. Security: Protect…

Microsoft has closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it says has been used in the wild. Of the 72 flaws, 17 are rated critical, 54 are rated important, and one is rated moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow elevation of privilege. This is in addition to 13 weaknesses the company has addressed in its Chromium-based Edge browser since the release of last month’s security update. In total, Microsoft patched 1,088 vulnerabilities in 2024, according to Fortra…

December 11, 2024Ravi LakshmananVulnerability / data breach On Tuesday, the US government dropped charges against a Chinese national for allegedly hacking thousands of Sophos firewalls around the world in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked for Sichuan Silence Information Technology Company, Limited, was charged with conspiracy to commit computer fraud and conspiracy to commit electronic network fraud. Guan was accused of developing and testing a zero-day vulnerability that was used to launch attacks against Sophos firewalls. “Guan Tianfeng is wanted for his alleged role in a conspiracy to gain unauthorized access to Sophos…

December 11, 2024Ravi LakshmananVulnerability / Network Security Ivanti has released security updates to address multiple critical vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products that could lead to elevation of privilege and code execution. The list of vulnerabilities is as follows – CVE-2024-11639 (CVSS Score: 10.0) – Authentication bypass vulnerability in the Ivanti CSA Web Admin Console before 5.0.3 could allow a remote, unauthenticated attacker to gain administrative access CVE-2024-11772 (CVSS Score: 9.1) – Command execution vulnerability in the Ivanti CSA Web Admin Console before version 5.0.3 allows a remote authenticated attacker with administrative privileges to achieve…

December 10, 2024Ravi LakshmananMalware / cyber attacks Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of a new series of cyber attacks that it says have targeted the country’s defense companies, as well as its security and defense forces. Phishing attacks have been attributed to a Russian-linked threat called UAC-0185 (aka UNC4221), which has been in effect since at least 2022. “Phishing letters imitated the official messages of the Ukrainian Union of Industrialists and Entrepreneurs”, — CERT-UA said. “The e-mails advertised a conference held on December 5 in Kyiv aimed at bringing the products of domestic defense industry enterprises into…

December 10, 2024Ravi LakshmananVulnerability / threat analysis Users of file transfer software run by Cleo are advised to ensure that their copies do not end up on the Internet following reports of widespread exploitation of the vulnerability affecting fully patched systems. Huntress Cyber ​​Security Company said December 3, 2024 he found evidence that threat actors are massively exploiting the issue. The vulnerability affecting Cleo LexiCom, VLTransfer, and Harmony software relates to an unauthenticated remote code execution scenario. There is security is tracked as CVE-2024-50623, with Cleo noting that the flaw is the result of an unrestricted file download that could…

December 10, 2024Ravi LakshmananMobile Security / Cryptocurrency Cybersecurity researchers shed light on sophisticated mobile phishing (aka mishing) company that is intended to distribute the updated version Antidote banking trojan. “Attackers posed as recruiters, luring unsuspecting victims with job offers,” Zimperium zLabs researcher Vishnu Pratapagiri said in a new report. “As part of the fraudulent recruitment process, the phishing company forces victims to download a malicious application that acts as a dropper, ultimately installing an updated variant of Antidot Banker on the victim’s device.” New version Malicious programs for Android has been codenamed AppLite Banker by a mobile security company, highlighting…

December 10, 2024Ravi LakshmananCyber ​​Espionage / Hacking News A suspected cyberespionage group with links to China has been credited with attacks targeting major IT business-to-business service providers in southern Europe in a campaign codenamed Operation Digital Eye.. Cyber ​​security companies SentinelOne SentinelLabs and Tinexta Cyber ​​said in a joint report shared by The Hacker News that the intrusions took place between late June and mid-July 2024, adding that the activities were detected and neutralized before they could move to the phase data theft. “The intrusions could have given adversaries the opportunity to establish strategic footholds and compromise downstream actors,” security…

December 10, 2024Hacker newsVulnerability / Perimeter security In today’s rapidly evolving threat landscape, protecting your organization from cyber attacks is more important than ever. Traditional penetration testing (pentesting), although effective, often fails due to high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution that empowers organizations to stay ahead of attackers with cost-effective, frequent and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests Effective cybersecurity requires dealing with threats both inside and outside your organization. Automated solutions streamline this process, allowing IT groups to implement a holistic…
