Author: Admin
December 6, 2024Ravi LakshmananSpy software / Mobile security The Federal Security Service (FSB) has secretly installed spyware on its Android device from a Russian programmer accused of donating money to Ukraine after he was detained earlier this year. The findings were made as part of a joint investigation The first department and the University of Toronto Civil laboratory. “The spyware placed on his device allows the operator to track the target device’s location, record phone calls, keystrokes and read messages from encrypted messaging programs, among other capabilities,” the report said. In May 2024, Kiril Parubets was released out of custody…
December 6, 2024Ravi LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have discovered multiple security flaws affecting open source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that can pave the way for code execution. The vulnerabilities discovered by JFrog are part of a larger collection of 22 security flaws from the supply chain security company. disclosed for the first time last month. Unlike the first set, which included server-side flaws, the new detailed ones allow for ML clients and reside in libraries that handle safe model formats such as Keepers. “The capture of an ML client…
December 6, 2024Ravi LakshmananMalware / cybercrime Threat actors for More_eggs malware have been linked to two new malware families, indicating the expansion of their malware-as-a-service (MaaS) activities. This includes a new information-stealing backdoor called RevC2 and a bootloader codenamed Venom Loader, both of which are deployed using VenomLNK, the primary tool that serves as the initial access vector to deploy subsequent payloads. “RevC2 uses WebSockets to communicate with its command and control (C2) server. The malware is capable of stealing cookies and passwords, proxying network traffic and providing remote code execution (RCE),” Zscaler ThreatLabz researcher Muhammad Irfan V.A. said. “Venom…
December 6, 2024Hacker newsMalware / Threat Intelligence A threat actor known as Hammeredon the use of leverage was observed Cloudflare Tunnels as a tactic to hide its staging infrastructure, which hosts a malware called GammaDrop. The activity is part of the constant phishing campaign In a new analysis, Recorded Future’s Insikt Group said it has targeted Ukrainian organizations since at least early 2024 and is designed to eliminate Visual Basic Script malware. The cybersecurity company is tracking the threat under the name BlueAlpha, which is also known as Aqua Blizzard, Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010,…
December 5, 2024Ravi LakshmananInternet Fraud / Cybercrime Europol on Thursday announced the closure of the Clearnet marketplace under the name Manson’s Market which has contributed to internet fraud on a large scale. The operation, led by German authorities, led to the seizure of more than 50 servers linked to the service and the arrest of two suspects. More than 200 terabytes of digital evidence has been collected. Manson Market (“manson-market(.)pw”) is believed to have been launched in 2022 as a way to distribute sensitive information that was illegally obtained from victims in phishing and vishing (voice phishing) schemes. One such…
December 5, 2024Ravi LakshmananCryptocurrency / Mobile Security More than 77 banking institutions, cryptocurrency exchanges and national organizations have been targeted by a newly discovered Android Remote Access Trojan (RAT) called DroidBot. “DroidBot is a state-of-the-art RAT that combines stealthy VNC and overlay attack techniques with spyware-like capabilities such as keyboard and UI monitoring,” Cleafy researchers Simone Mattia, Alessandro Strina, and Federico Valentini said. “What’s more, it uses two-channel communication when transmitting output data MQTT and receiving incoming commands over HTTPS, providing increased operational flexibility and resiliency.” An Italian fraud prevention company said it discovered the malware in late October 2024,…
December 5, 2024Ravi LakshmananIoT Vulnerability / Security Cyber security researchers have released a proof-of-concept (PoC) exploit that combines a patched critical security flaw affecting Mitel MiCollab with arbitrary zero-day file reading, allowing an attacker to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS Score: 9.8), which relates to insufficient input validation in Mitel MiCollab’s NuPoint Unified Messaging (NPM) component, leading to an attack bypassing the path. MiCollab is a software and hardware solution which integrates chat, voice, video and SMS messaging with Microsoft Teams and other apps. NPM is a voice mail server systemwhich allows…
Duplicated previously undocumented threat cluster Land of the Minotaur uses the MOONSHINE exploit suite and an unregistered Android and Windows backdoor called DarkNimbus to facilitate long-term surveillance operations against Tibetans and Uighurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat and potentially making it a cross-platform threat,” Trend Micro researchers Joseph Chen and Daniel Lungi said in an analysis published today. “MOONSHINE exploits many known vulnerabilities in Chromium-based browsers and applications, requiring users to regularly update their software to prevent attacks.” Countries affected by Earth Minotaur attacks include Australia, Belgium, Canada, France,…
Vulnerability management (VM) has long been a cornerstone of an organization’s cybersecurity. Almost as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. In recent years, however, the limitations of this approach have become increasingly apparent. In essence, vulnerability management processes remain important for identifying and remediating flaws. But with the passage of time and the development of attack paths, this approach is starting to show its age. In a recent report, How to turn vulnerability management into impact management (Gartner, How to Turn Vulnerability Management…
December 5, 2024Ravi LakshmananThreat Intelligence / Cyber Espionage A suspected Chinese threat actor targeted a major US organization earlier this year as part of a four-month intrusion. According to Broadcom-owned Symantec, the first evidence of malicious activity was discovered on April 11, 2024, and continued through August. However, the company does not rule out that the invasion could have happened earlier. “The attackers moved across the organization’s network, compromising multiple computers,” the Symantec Threat Hunter team said in a report shared with The Hacker News. “Some of the targeted machines were Exchange servers, suggesting that the attackers were gathering intelligence…