Author: Admin

September 9, 2024Ravi LakshmananMobile Security / Cryptocurrency Android device users in South Korea have been targeted by a new mobile malware campaign that introduces a new type of threat called SpyAgent. The malware “targets mnemonic keys by scanning images on your device that may contain them,” said McAfee Labs researcher SangRyol Ryu said in the analysis, the addition of the target footprint expanded the scope to include the UK The company uses fake Android apps that masquerade as seemingly legitimate banking, government, streaming apps, and utilities to trick users into installing them. Since the beginning of the year, 280 fake…

Read More

September 9, 2024Ravi LakshmananCyber ​​attack / threat intelligence A previously undocumented threat actor, likely linked to Chinese-speaking groups, has primarily targeted drone manufacturers in Taiwan in a campaign of cyberattacks that began in 2024. Trend Micro has tracking an opponent under a pseudonym TIDRONstating that this activity is driven by espionage given the focus on military industrial networks. The exact initial access vector used to compromise the targets is currently unknown, as Trend Micro’s analysis found the deployment of custom malware such as CXCLNT and CLNTEND using remote desktop tools such as UltraVNC. An interesting commonality observed among various victims…

Read More

The U.S. government and a coalition of international partners have officially attributed the Russian hacking group tracked as Cadet Blizzard to the 161st Specialist Training Center (Military Unit 29155) of the General Staff's Main Intelligence Directorate (GRU). "These cyber actors have been responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational damage since at least 2020," the agencies said. "Since early 2022, the primary focus of the cyber actors appears to be targeting and disrupting aid efforts in Ukraine." The attacks have targeted critical infrastructure and key resource sectors, including government…

Read More

September 7, 2024Ravi LakshmananCyber ​​Security / Malware Threat actors linked to North Korea have been seen using LinkedIn as a way to target developers as part of a fake job recruitment operation. These attacks use coding tests as a common initial infection vector, according to a new report by Google-owned Mandiant on the threats facing the Web3 sector. “After the initial chat, the attacker sent a ZIP file containing the COVERTCATCH malware disguised as a Python coding problem,” said researchers Robert Wallace, Blas Kojusner and Joseph Dobson. The malware functions as a launch pad to compromise a target’s macOS system…

Read More

September 7, 2024Ravi LakshmananCybercrime / Dark Web In the US, two men have been indicted for their alleged involvement in running the WWH Club marketplace, which specializes in selling sensitive personal and financial information. Alex Khodyrev, 35, a citizen of Kazakhstan, and Pavel Kublitsky, 37, a Russian, were charged with conspiracy to commit access device fraud and network Internet fraud. Khodyrov and Kublitsky, in the period from 2014 to 2024. acted as the main administrators of WWH Club (wwh-club(.)ws) and various other subsidiary sites – wwh-club(.)net, center-club(.)pw, opencard(.)pw, skynetzone(.)org – which functioned as dark web markets, forums, and training centers…

Read More

September 6, 2024Ravi LakshmananNetwork security / threat detection SonicWall has discovered that a recently patched critical security flaw affecting SonicOS could be actively exploited, so users should apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, has a CVSS score of 9.3 out of a maximum of 10. “Improper access control vulnerability has been identified in SonicWall SonicOS and SSLVPN management access, which could potentially lead to unauthorized access to resources and cause firewall failure under certain conditions,” SonicWall said in the updated guidance. Through recent developments, the company revealed that CVE-2024-40766 also affects the SSLVPN feature…

Read More

September 6, 2024Ravi LakshmananSoftware Security / Hacking Threat actors have long used typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading mined software and packages. These attacks usually involve registering domains or packages with names slightly altered from their legitimate counterparts (eg goog1e.com vs. google.com). Opponents targeting cross-platform open source repositories rely on developers making typos to get started attacks on software supply chains via PyPI, npm, Maven Central, NuGet, RubyGems, and Crate. Recent findings from cloud security company Orca show that even GitHub Actionscontinuous integration and continuous delivery (CI/CD) platforms are not immune to…

Read More

September 6, 2024Ravi LakshmananCryptocurrency Attack / APT The newly disclosed security flaw in OSGeo’s GeoServer GeoTools has been exploited by numerous campaigns to provide cryptocurrency miners, botnet malware such as Condi and JenX, and a notorious backdoor called SideWalk. The security vulnerability is a critical remote code execution flaw (CVE-2024-36401, CVSS score: 9.8) that could allow attackers to take control of sensitive instances. In mid-July, the US Cybersecurity and Infrastructure Security Agency (CISA) added it to the catalog of known exploitable vulnerabilities (KEV), based on evidence of active use. The Shadowserver Foundation stated that since July 9, 2024, it has…

Read More

The 2024 State of the vCISO Report continues Cynomi's tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to an independent survey, demand for these services is growing, with both providers and customers reaping the benefits. The upward trend is set to continue, with even faster growth expected in the future. However, service providers looking to enter the vCISO market must address challenges such as technology limitations and a lack of security and compliance expertise. For more information on the state of vCISOs, read Cynomi's detailed report. Virtual CISO Health Review Report: Global Surveyz, an independent…

Read More

September 6, 2024Ravi LakshmananWordPress Security / Webinar Cybersecurity researchers have discovered another critical security flaw in the LiteSpeed ​​Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, identified as CVE-2024-44000 (CVSS score: 7.5), affects versions up to and including 6.4.1. This was resolved in version 6.5.0.1. “The plug-in suffers from an unauthenticated account hijacking vulnerability that allows any unauthenticated visitor to gain authentication access to any logged-in user, and in the worst case, gain access to the administrator role, allowing malicious plug-ins to be downloaded and installed” , — Rafi, Patchstack researcher.…

Read More