Author: Admin

September 27, 2024Ravi LakshmananGenAI / Cybercrime Russian-speaking users have become the target of a new campaign to distribute a commercial Trojan named DCRat (aka DarkCrystal RAT) using a technique known as Contraband HTML. This development marks the first time malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or spoofed websites or phishing emails with PDF attachments or Microsoft Excel documents with macro firmware. “HTML smuggling is primarily a payload delivery mechanism,” – Nikhil Hegde, researcher at Netskope said in an analysis published Thursday. “The payload can be embedded in the HTML…

September 27, 2024Ravi LakshmananLinux / Vulnerability A new set of security vulnerabilities has been discovered in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that may allow remote command execution under certain conditions. “A remote, unauthenticated attacker can silently replace the IPP URL of existing printers (or install new ones) with a malicious one, causing an arbitrary command to be executed (on a computer) when a print job (from that computer) is initiated,” – Security Researcher Simone. Margaritelli said. CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems, including ArchLinux, Debian, Fedora, Red…

The threat actor known as Storm-0501 has targeted the government, manufacturing, transportation and law enforcement sectors in the US to launch ransomware attacks. The multi-stage attack campaign is designed to breach hybrid cloud environments and perform lateral movement from on-premises to cloud environments, ultimately leading to data theft, credential theft, spoofing, persistent backdoor access and ransomware deployment, Microsoft said. “Storm-0501 is a financially motivated cybercriminal group that uses open source products and tools to conduct ransomware operations,” according to the tech giant’s threat intelligence team. The threat actor, which has been active since 2021, already had a history of attacking…

September 27, 2024Hacker newsCyber ​​security certificates In today’s rapidly evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats become more sophisticated, the demand for skilled cyber security professionals has never been higher. Whether you are a seasoned cyber professional or just starting outby subscribing to the GIAC newsletter ensures that you are always informed and prepared for the changing landscape of cyber security. One of the most effective ways to demonstrate your knowledge in this critical area is through cybersecurity certifications. These credentials serve as a benchmark for skills and knowledge, setting candidates apart in…

The US government on Thursday imposed sanctions on two cryptocurrency exchanges and indicted a Russian national for his alleged involvement in a series of money laundering services offered to cybercriminals. Cryptocurrency exchanges Cryptex and PM2BTC are believed to facilitate the laundering of cryptocurrencies that may have been obtained through cybercrimes. The coordinated action was carried out in cooperation with the Dutch police and the Fiscal Intelligence and Investigation Service of the Netherlands (FIOD) as part of a continuing law enforcement crackdown called Operation Endgame. As a result of the exercise, sites connected with both exchanges were confiscated…

September 27, 2024Ravi LakshmananContainer Security / Cloud Computing A critical security flaw has been discovered in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the container and gain full access to the underlying host. Vulnerability, tracked as CVE-2024-0132has a CVSS score of 9.0 out of a maximum of 10.0. It was addressed in NVIDIA Container Toolkit v1.16.2 and NVIDIA GPU Operator v24.6.2. “NVIDIA Container Toolkit 1.16.1 or earlier contains a time-of-use check (TACT) vulnerability when used with default configuration where a specially crafted container image could access the host’s file system,” NVIDIA…

September 26, 2024Ravi LakshmananAutomotive industry / technology Cybersecurity researchers discovered a series of vulnerabilities in Kia vehicles, now patched, that, if successfully exploited, could have allowed key functions to be remotely controlled simply by using just a number plate. “These attacks could be performed remotely on any vehicle equipped with the hardware in about 30 seconds, regardless of whether it had an active Kia Connect subscription,” security researchers Naika Rivera, Sam Currie, Justin Rinehart and Ian Carroll said. The problems affect nearly all cars manufactured after 2013, even allowing attackers to secretly access sensitive information, including a victim’s name, phone…

September 26, 2024Ravi LakshmananCyber ​​Espionage / Mobile Security About 25 websites linked to the Kurdish minority were hacked in a watering hole attack designed to gather sensitive information over a year and a half. French cybersecurity firm Sekoia, which revealed details of the company called SilentSelfie, described the set of intrusions as long-running, with the first signs of infection as early as December 2022. The strategic web compromises are designed to provide four different variants of the information theft system, the report added. “They ranged from the simplest, which simply stole the user’s location, to the more sophisticated, which recorded…

September 26, 2024Hacker newsThreat Detection / IT Security Imagine trying to find a needle in a haystack, but the haystack is on fire and there are a million other needles that you too must be found. Here’s what working with security system alerts can look like. A SIEM was supposed to make this easier, but somewhere along the way it became part of the problem. Too many alerts, too much noise, and not enough time to stop the threats. It’s time for a change. It’s time to take back control. Join Zuri Cortez and Seth Geftik for an insightful webinar…

September 26, 2024Ravi LakshmananCyber ​​attack / malware Attackers linked to North Korea have been seen using two new varieties of malware, dubbed KLogEXE and FPSpy. The activity was attributed to an adversary tracked as Kimsukiwhich is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail and Velvet Chollima. “These samples expand Sparkling Pisces’ already extensive arsenal and demonstrate the group’s continued evolution and increasing capabilities,” Palo Alto Networks Division 42 researchers Daniel Frank and Lior Rochberger said. Active since at least 2012, the threat has been dubbed the “king of phishing” for its ability to…
