Author: Admin

August 22, 2024Ravi LakshmananDatabase Security / Cryptocurrency Cybersecurity researchers have unpacked a new variant of the malware called PG_MEM, designed to mine cryptocurrency after crudely infiltrating PostgreSQL database instances. “Brute force attacks on Postgres involve repeated attempts to guess database credentials until access is granted, using weak passwords,” – Assaf Morag, Aqua Security Researcher said in the technical report. “Once accessed, attackers can use COPY … FROM SQL PROGRAM command to execute arbitrary shell commands on a host, allowing them to perform malicious actions such as stealing data or deploying malware.” The attack chain observed by the cloud security firm…


August 21, 2024Ravi LakshmananCyber ​​espionage / malware A new remote access trojan has been invoked MoonPeak was found to be used by North Korea’s state-sponsored threat cluster as part of a new campaign. Cisco Talos attributes the malicious cyber campaign to a hacking group it is tracking as UAT-5394, which it says shows some level of tactical overlap with a known nation-state actor codenamed Kimsuki. MoonPeak, which is actively being developed by the threat, is an open source variant Xeno RAT malware that was previously deployed as part of phishing attacks that are designed to obtain payloads from actor-controlled cloud…


August 21, 2024Ravi LakshmananSoftware Security / Vulnerability Cybersecurity researchers have discovered a critical security flaw affecting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS Score: 8.5), the vulnerability was described as a disclosure bug that results from server-side request forgery (USSR) attack. “An authenticated attacker could bypass server-side request forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network,” Microsoft. said in a recommendation published on August 6, 2024. The tech giant went on to say that the vulnerability has been fixed and does not require any action from…


August 21, 2024Ravi LakshmananMalware / cryptocurrency Cybersecurity researchers have discovered a new type of macOS malware called TodoSwift that they say shares common features with known malware used by North Korean hacking groups. “This app has some behavior associated with malware we’ve seen originating from North Korea (DPRK) — specifically a threat known as BlueNoroff — such as CANDY CORN and RustBucket”, Kandi security researcher Christopher Lopez said in the analysis. RustBucket, which first appeared in July 2023, refers to an AppleScript-based backdoor capable of receiving next-stage payloads from a Command and Control (C2) server. Late last year, Elastic Security…


August 21, 2024Ravi LakshmananCyber ​​espionage / threat intelligence In an operational security (OPSEC) breach, the operator behind a new information stealer called Styx Stealer leaked data from his own computer, including customer details, earnings information, nicknames, phone numbers and email addresses. Styx Stealer, derived from Thief of phemedroneis capable of stealing browser data, Telegram and Discord instant messaging sessions, and cryptocurrency wallet information, according to an analysis by cybersecurity firm Check Point. It first appeared in April 2024. “Styx Stealer is likely based on the source code of an older version of Phemedrone Stealer, which lacks some features that newer…


It won’t be a big revelation to say that SaaS applications have changed the way we work, in both our personal and professional lives. We routinely rely on cloud and remote applications to perform our core functions, so the only true perimeter of our networks is the credentials we use to log into these services. Unfortunately, as is often the case, our appetite for improved workflows, collaboration and communication outpaced our willingness to ensure that these tools and processes were secure when we plugged them into our environments, handing over control of the security of our data. Each of these…


August 21, 2024Ravi LakshmananCyber ​​warfare / threat intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned new phishing attacks aimed at infecting devices with malware. The activity was attributed to the threat cluster it tracks as UAC-0020, which is also known as Paradisi. The exact scale and scope of the attacks are still unknown. The chain of attacks begins with phishing messages containing photos of alleged POW(s) from Kursk Oblast, urging recipients to click on a link that points to a ZIP archive. The ZIP file contains a Microsoft Compiled HTML Help (CHM) file that embeds the JavaScript…


August 21, 2024Ravi LakshmananWordPress / Cyber ​​Security A maximum severity security flaw has been discovered in the GiveWP donation and fundraising WordPress plugin that exposes more than 100,000 websites to remote code execution attacks. Tracked as CVE-2024-5932 (CVSS score: 10.0), the bug affects all versions of the plugin up to version 3.14.2, which was released on August 7, 2024. A security researcher with the alias villu164 has been credited with discovering and reporting the issue about her. Plugin “vulnerable to PHP Object Injection in all versions up to and including 3.14.1 via deserialization of untrusted input from the ‘give_title’ parameter,”…


August 20, 2024Ravi LakshmananMobile Security / Bank Fraud Mobile users in the Czech Republic are being targeted by a new phishing campaign that uses a progressive web application (PWA) in an attempt to steal their bank account credentials. According to the Slovak cyber security company ESET, the target of the attacks was the Czech Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and the Georgian TBC Bank. “Phishing websites targeting iOS instruct victims to add a Progressive Web Application (PWA) to their home screens, while on Android PWAs are installed after validating custom browser pop-ups,” security researcher…


August 20, 2024Hacker newsCyber ​​Security / Cloud Security As cloud infrastructure becomes the backbone of today’s businesses, securing these environments is of paramount importance. With AWS (Amazon Web Services) still the dominant cloud, it’s important for any security professional to know where to look for signs of a breach. AWS CloudTrail stands out as a critical tool for tracking and logging API activity, providing a complete record of activities performed in an AWS account. Think of AWS CloudTrail as an audit or event log for all API calls made in your AWS account. For security professionals, monitoring these logs is…
