Author: Admin

December 11, 2024Ravi LakshmananVulnerability / Network Security Ivanti has released security updates to address multiple critical vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products that could lead to elevation of privilege and code execution. The list of vulnerabilities is as follows – CVE-2024-11639 (CVSS Score: 10.0) – Authentication bypass vulnerability in the Ivanti CSA Web Admin Console before 5.0.3 could allow a remote, unauthenticated attacker to gain administrative access CVE-2024-11772 (CVSS Score: 9.1) – Command execution vulnerability in the Ivanti CSA Web Admin Console before version 5.0.3 allows a remote authenticated attacker with administrative privileges to achieve…

December 10, 2024Ravi LakshmananMalware / cyber attacks Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of a new series of cyber attacks that it says have targeted the country’s defense companies, as well as its security and defense forces. Phishing attacks have been attributed to a Russian-linked threat called UAC-0185 (aka UNC4221), which has been in effect since at least 2022. “Phishing letters imitated the official messages of the Ukrainian Union of Industrialists and Entrepreneurs”, — CERT-UA said. “The e-mails advertised a conference held on December 5 in Kyiv aimed at bringing the products of domestic defense industry enterprises into…

December 10, 2024Ravi LakshmananVulnerability / threat analysis Users of file transfer software run by Cleo are advised to ensure that their copies do not end up on the Internet following reports of widespread exploitation of the vulnerability affecting fully patched systems. Huntress Cyber ​​Security Company said December 3, 2024 he found evidence that threat actors are massively exploiting the issue. The vulnerability affecting Cleo LexiCom, VLTransfer, and Harmony software relates to an unauthenticated remote code execution scenario. There is security is tracked as CVE-2024-50623, with Cleo noting that the flaw is the result of an unrestricted file download that could…

December 10, 2024Ravi LakshmananMobile Security / Cryptocurrency Cybersecurity researchers shed light on sophisticated mobile phishing (aka mishing) company that is intended to distribute the updated version Antidote banking trojan. “Attackers posed as recruiters, luring unsuspecting victims with job offers,” Zimperium zLabs researcher Vishnu Pratapagiri said in a new report. “As part of the fraudulent recruitment process, the phishing company forces victims to download a malicious application that acts as a dropper, ultimately installing an updated variant of Antidot Banker on the victim’s device.” New version Malicious programs for Android has been codenamed AppLite Banker by a mobile security company, highlighting…

December 10, 2024Ravi LakshmananCyber ​​Espionage / Hacking News A suspected cyberespionage group with links to China has been credited with attacks targeting major IT business-to-business service providers in southern Europe in a campaign codenamed Operation Digital Eye.. Cyber ​​security companies SentinelOne SentinelLabs and Tinexta Cyber ​​said in a joint report shared by The Hacker News that the intrusions took place between late June and mid-July 2024, adding that the activities were detected and neutralized before they could move to the phase data theft. “The intrusions could have given adversaries the opportunity to establish strategic footholds and compromise downstream actors,” security…

December 10, 2024Hacker newsVulnerability / Perimeter security In today’s rapidly evolving threat landscape, protecting your organization from cyber attacks is more important than ever. Traditional penetration testing (pentesting), although effective, often fails due to high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution that empowers organizations to stay ahead of attackers with cost-effective, frequent and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests Effective cybersecurity requires dealing with threats both inside and outside your organization. Automated solutions streamline this process, allowing IT groups to implement a holistic…

December 10, 2024Ravi LakshmananCybercrime / Vishing Authorities in Belgium and the Netherlands have arrested eight people suspected of involvement in a “phone phishing” ring that operated primarily from the Netherlands to steal victims’ financial data and funds. As part of the international operation, law enforcement agencies conducted 17 searches in various places in Belgium and the Netherlands, Europol reports. In addition, large amounts of cash, firearms, as well as electronic devices, high-end watches and jewelry were seized. “In addition to conducting large-scale phishing campaigns and attempting to access financial data over the phone or online, the suspects also posed as…

December 10, 2024Hacker newsMalware / Cyber ​​Threat Analysis Cyber ​​attackers never stop inventing new ways to compromise their targets. That’s why organizations need to be aware of the latest threats. Here’s a quick overview of the current malware and phishing attacks you need to be aware of to protect your infrastructure before they get to you. Zero-day attack: Corrupted malicious files are not detected by most security systems The team of analysts of St ANYONE. RUN recently shared their analysis of the current zero-day attack. It has been active since at least August, and to this day remains undetected by…

December 9, 2024Ravi LakshmananThreat Intelligence / Malware Threat actors associated with Black Basta ransomware have been observed to switch their social engineering tacticsdistributing a different set of payloads, e.g Zbot and DarkGate from the beginning of October 2024. “Users in the target environment will be bombarded with email from the threat, which is often achieved by registering the user’s email to multiple mailing lists at the same time,” Rapid7. said. “After email bomb, threat actor will reach out to affected users.” How is observed back in August, attackers made their first contact with potential targets in Microsoft Teams by impersonating…

Calling a malicious botnet Socks5Systemz according to Bitsight’s new findings, a proxy service called PROXY.AM is operating. “Malware proxies and services allow other types of criminal activity to add uncontrollable levels of anonymity to threat actors so they can perform all kinds of malicious activities by exploiting chains of victim systems,” the company’s security research team said in an analysis published last week. The disclosure comes just weeks after Black Lotus Labs’ team with Lumen Technologies revealed that systems compromised by another malware known as Ngioweb are being used as residential proxies for NSOCKS. Originally touted in the cybercrime underground…