Author: Admin
January 9, 2025Hacker newsData Protection / Encryption Ransomware isn’t slowing down—it’s getting smarter. Encryption, designed to keep our online lives safe, is now being used by cybercriminals to hide malware, steal data and avoid detection.The result? A 10.3% spike in encrypted attacks over the past year and some of the most shocking ransom payments in history, including a $75 million ransom in 2024. Are you ready to fight back? Join us Emily Lauferdirector of product marketing at Zscaler, for an introductory session, “Preparing for ransomware and encrypted attacks in 2025”, filled with practical ideas and cutting-edge strategies to outsmart these…
January 9, 2025Ravi LakshmananCyber Security / Malware Japan’s National Police Agency (NPA) and the National Cyber Security Strategy and Incident Preparedness Center (NCSC) have accused a China-linked threat actor named MirrorFace of orchestrating an ongoing campaign of attacks against organizations, businesses and individuals in the country since 2019. The main goal of the attack campaign is to steal information related to Japan’s national security and advanced technology, the agency said. MirrorFace, also tracked as Earth Kasha, is believed to be a subset of APT10. It has a track record of systematically attacking Japanese organizations, often using tools such as ANEL,…
January 9, 2025Ravi LakshmananVulnerability / Threat Intelligence Threat actors attempt to take advantage of a newly discovered security flaw that affects GFI KerioControl firewalls that, if successfully exploited, could allow attackers to achieve remote code execution (RCE). The vulnerability under question CVE-2024-52875refers to a carriage return string transmission (CRLF) injection attack, paving the way for Splitting the HTTP responsewhich could lead to a cross-site scripting (XSS) flaw. Successful exploitation of the 1-click RCE flaw allows an attacker to inject malicious input into HTTP response headers by entering carriage return (\r) and line feed (\n) characters. The issue affects KerioControl versions…
January 9, 2025Ravi LakshmananData Privacy / GDPR The European General Court on Wednesday fined the European Commission, the European Union’s main executive body responsible for proposing and enforcing laws for member states, for breaching the bloc’s own data privacy rules. The event marked the first time the Commission had been prosecuted for breaching the region’s strict data protection laws. Court is determined that a “sufficiently serious breach” was committed by transmitting a German citizen’s personal data, including his IP address and web browser metadata, to a Meta server in the United States while visiting the now-defunct website futureu.europa(.)eu in March…
Ivanti warns that from mid-December 2024. a critical security flaw affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways has become actively exploited. Security vulnerability addressed CVE-2025-0282 (CVSS Score: 9.0), stack-based buffer overflow affecting Ivanti Connect Secure before 22.7R2.5, Ivanti Policy Secure before 22.7R1.2, and Ivanti Neurons for ZTA Gateways before 22.7R2.3. “Successful exploitation of CVE-2025-0282 could lead to remote code execution without authentication,” Ivanti said in an advisory. “Threat actor activity was detected by the Integrity Check Tool (ICT) on the same day, allowing Ivanti to respond promptly and quickly develop a fix.” The company also fixed another high-severity…
Cybersecurity researchers have found that attackers continue to find success by spoofing sender email addresses as part of various spam campaigns. Forging the sender address of an email is widely seen as an attempt to make a digital message appear more legitimate and bypass security mechanisms that might otherwise flag it as malicious. While there is guarantees such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC) and Sender Policy Framework (SPF), which can be used to prevent spammers from spoofing well-known domains, this increasingly forces them to use old, derelict domains in their activities. In doing…
January 8, 2025Hacker newsMalware / Windows Security Cybersecurity researchers have shed light on a new remote access Trojan called Non-Euclid which allows attackers to remotely control compromised Windows systems. “Developed in C#, the NonEuclid Remote Access Trojan (RAT) is a highly sophisticated malware offering unauthorized remote access with advanced evasion techniques” – Cyfirma said in a technical analysis published last week. “It uses a variety of mechanisms, including antivirus bypass, privilege escalation, anti-detection, and ransomware encryption to target sensitive files.” NonEuclid has been advertised on underground forums since at least late November 2024. with tutorials and discussions of malware discovered…
2024 saw many high-profile cyber attacks, with major companies such as Dell and TicketMaster falling victim to data breaches and other infrastructure breaches. In 2025, this trend will continue. Therefore, to be prepared for any malware attacks, every organization must know their cyber enemy in advance. Here are 5 common malware families you can start preparing against right now. Lamma Lumma is a widely available malware designed to steal sensitive information. It has been openly sold on the Dark Web since 2022. This malware can effectively collect and extract data from targeted applications, including login credentials, financial information, and personal…
January 8, 2025Ravi LakshmananIoT Security / Compliance The US government on Tuesday announced launch of the US Cyber Trust Mark, a new cybersecurity mark for consumer Internet of Things (IoT) devices. “IoT products may be susceptible to a number of security vulnerabilities,” notes the US Federal Communications Commission (FCC). said. “Under this program, qualifying consumer smart products that meet robust cybersecurity standards will carry a label, including a new ‘US Cyber Trust Mark.'” As part of the effort, the logo will be accompanied by a QR code that users can scan, taking them to an information register with easy-to-understand details…
January 8, 2025Ravi LakshmananMalware / Vulnerability A variant of the Mirai botnet has been found to be exploiting a recently discovered security flaw affecting Four-Faith industrial routers since early November 2024 to launch distributed DDoS attacks. The botnet maintains around 15,000 daily active IP addresses, with the infection mostly spread across China, Iran, Russia, Turkey and the US. Using an arsenal of more than 20 known security vulnerabilities and weak Telnet credentials for initial access, the malware is known to have been active since February 2024. The botnet was named “gameboy” due to the offensive term present in the source…