Author: Admin

October 28, 2024Ravi LakshmananMalware / Threat Intelligence Three malicious packages published to the npm registry in September 2024 were found to contain known malware called BeaverTail, a JavaScript downloader, and an information stealer linked to an ongoing campaign in North Korea tracked as Contagious Interview. Datadog Security Research Team monitoring activity under the name Stubborn pungsanwhich is also known by the aliases CL-STA-0240 and Famous Chollima. The names of the malicious packages that are no longer available for download from the package registry are listed below – passports-js, passport backdoor (118 downloads) bcrypts-js, a backdoor copy of bcryptjs (81 downloads)…

October 28, 2024Ravi LakshmananCyber ​​espionage / Android An alleged Russian hybrid espionage-influence operation was spotted delivering a mixture of Windows and Android malware to target the Ukrainian military called Telegram Civil Defense. Google Threat Analysis Group (TAG) and Mandiant track activity under the name UNC5812. A threat group that runs a Telegram channel called civildefense_com_uawas created on September 10, 2024. At the time of writing, the channel has 184 subscribers. It also supports the website civildefense.com(.)ua, which was registered on April 24, 2024. “Civil Defense claims to be a provider of free software designed to allow potential recruits to view…

October 28, 2024Ravi LakshmananCloud Security / Cyber ​​Attack A government organization and a religious organization in Taiwan have been targeted by a China-linked threat known as The elusive panda which infected them with a previously undocumented post-compromise toolkit codenamed CloudScout. “The CloudScout toolkit is capable of extracting data from various cloud services using stolen web session cookies,” ESET security researcher An Ho said. “Through the CloudScout plug-in, it works seamlessly with MgBot, Evasive Panda’s proprietary malware framework.” A Slovak cybersecurity company used .NET-based malware that was discovered between May 2022 and February 2023. It includes 10 different modules written in…

Criminals are blowing up ATMs in Germany. This is low tech but effective. Why Germany? It has more ATMs than other European countries, and if I read the article correctly, they have more money. Tags: ATMs, banking, bombs, theft. Posted on October 28, 2024 at 12:12 PM • 0 comments

October 28, 2024Hacker newsOperational technologies / Cyber ​​security Operational safety technology (OT) has impacted marine vessel and port operators as both ships and industrial cranes are rapidly digitized and automated, creating new types of safety challenges. Ships come ashore on average every six months. Container cranes are mostly automated. Diagnostics, maintenance, upgrades and tuning of these mission-critical systems are performed remotely, often by third-party technicians. This highlights the importance of proper secure remote access management for industrial control systems (ICS). Learn more in our Buyer’s Guide to Securely Managing the Remote Access Lifecycle. We are in SSH connection security (SSH)…

Cybersecurity researchers are warning of a surge in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services such as Cloudflare and Microsoft Sway to their advantage. “The campaigns target sensitive information from various crypto wallets, including Coinbase, MetaMask, Phantom, Trezor and Bitbuy, as well as login credentials for multiple company webmail platforms and Microsoft 365 login credentials,” Netskope Threat Labs researcher Jan Michael Alcantara said in an analysis. The cybersecurity company said it tracked a 10-fold increase in traffic to phishing pages created using Webflow between April…

October 28, 2024Ravi LakshmananWindows Vulnerability / Security A new attack technique can be used to bypass Microsoft Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) demotion attacks. “This bypass allows the loading of unsigned kernel drivers, allowing attackers to deploy custom rootkits that can override security controls, hide processes and network activity, maintain stealth, and more,” SafeBreach researcher Alon Leviev. said in a report shared with The Hacker News. Recent findings are based on preliminary analysis which discovered two elevation of privilege flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202), which can be…

October 26, 2024Ravi LakshmananCybercrime / Malware Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare cases in which cybercriminals from the country have been convicted of hacking and money laundering. Russian information publication “Kommersant”. informed that the court in St. Petersburg found Artyom Zayts, Aleksey Malazemov, Daniil Puzyreuski and Ruslan Khansvyerov guilty of illegal circulation of payment means. Puzyrewski and Khansvyerov were also found guilty of using and distributing malicious programs. For this, Zayets and Malazemov were sentenced to 4.5 and 5 years of imprisonment. Khansvyerov…

October 26, 2024Ravi LakshmananCloud Security / Cryptocurrency The infamous group of cryptojackers known as Team TNT appears to be gearing up for a new large-scale campaign targeting cloud environments for cryptocurrency mining and leasing hacked servers to third parties. “The group is currently targeting exposed Docker daemons to deploy Sliver malware, cyberworms and cryptominers, using compromised servers and Docker Hub as infrastructure to spread their malware,” said Assaf Morag, director of threat intelligence at Aqua cloud security. said in a report released Friday. The attack is again a testament to the persistence of the threat actor and their ability to…

October 26, 2024Ravi LakshmananCyber ​​attack / threat intelligence Ukraine’s Computer Emergency Response Team (CERT-UA) has detailed a new malicious electronic campaign targeting government agencies, businesses and military structures. “Messages use the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture,” CERT-UA said. “These emails contain attachments in the form of Remote Desktop Protocol (‘.rdp’) configuration files.” Once executed, RDP files establish a connection to a remote server, allowing threat actors to remotely access compromised nodes, steal data, and install additional malware for subsequent attacks. Infrastructure preparations for this activity are believed to have been underway…
