Author: Admin
A coalition of law enforcement agencies coordinated by the UK’s National Crime Agency (NCA) has led to the arrest and extradition of a Belarusian and Ukrainian dual national believed to be linked to Russian-speaking cybercriminal groups. 38-year-old Maksim Silnikov went by the pseudonyms JP Morgan, xxx and lansky on the Internet. He was extradited to the United States from Poland on August 9, 2024 to face charges related to international computer hacking and fraud schemes. “JP Morgan and his associates are elite cybercriminals who practice extreme operational and online security to avoid detection by law…
August 14, 2024 | Ravi Lakshmanan | Threat Intelligence / Cyber Attack
The China-backed threat actor known as Earth Baku has diversified its target footprint beyond the Indo-Pacific to include Europe, the Middle East and Africa since late 2022. New countries targeted by the operation include Italy, Germany, the UAE and Qatar, with suspected attacks also detected in Georgia and Romania. Government, media and communications, telecommunications, technology, healthcare and education are some of the sectors singled out as part of the set of intrusions. “The group has updated its tools, tactics and procedures (TTPs) in recent campaigns by using public-facing applications such as…
August 14, 2024 | Ravi Lakshmanan | Vulnerability / Network Security
Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that can be exploited to bypass authentication and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. “An incorrect implementation of the authentication algorithm in Ivanti vTM, other than versions 22.2R1 or 22.7R2, allows a remote, unauthenticated attacker to bypass admin panel authentication,” the company said in an advisory. This affects the following versions of vTM − 22.2 (fixed in version 22.2R1)…
Monitoring changing DDoS trends is essential for anticipating threats and adapting defensive strategies. The full Gcore Radar report for the first half of 2024 provides detailed information on DDoS attack data, showing changes in attack patterns and the broader cyber threat landscape. Here we share a selection of findings from the full report. Key findings: the number of DDoS attacks in the first half of 2024 increased by 46% compared to the same period last year and reached 445,000 in the second quarter of 2024. Compared to data for the previous six months (Q3–Q4 2023), it increased…
August 14, 2024 | Ravi Lakshmanan | Windows Security / Vulnerabilities
Microsoft on Tuesday shipped patches to address a total of 90 security flaws, including 10 zero-days, six of which were actively exploited in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate. This is in addition to 36 vulnerabilities that the tech giant has addressed in its Edge browser since last month. The Patch Tuesday updates are notable for addressing six actively exploited zero-days:
- CVE-2024-38189 (CVSS score: 8.8) – Microsoft Project remote code execution vulnerability
- CVE-2024-38178 (CVSS score: 7.5) – A vulnerability in the…
August 13, 2024 | Ravi Lakshmanan | Healthcare / Vulnerability
Cybersecurity researchers have discovered two security flaws in Microsoft’s Azure Health Bot service that, if exploited, could allow malicious actors to achieve lateral movement within a customer environment and gain access to sensitive patient data. The critical issues, now fixed by Microsoft, could have allowed cross-tenant resource access on the service, Tenable said in a new report shared with The Hacker News. The Azure AI Health Bot service is a cloud platform that enables developers in healthcare organizations to build and deploy AI-powered virtual health assistants and create copilots to manage administrative workloads and…
August 13, 2024 | Ravi Lakshmanan | Vulnerability / Hardware Security
A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has discovered an architectural flaw in the XuanTie C910 and C920 RISC-V CPUs of the Chinese company T-Head that could allow attackers to gain unrestricted access to vulnerable devices. The vulnerability has been codenamed GhostWrite. It is described as a direct CPU bug built into the hardware, as opposed to a side-channel or transient execution attack. “This vulnerability allows an unprivileged attacker, even with limited access, to read and write any part of a computer’s memory and control peripheral devices such as…
August 13, 2024 | The Hacker News | Cyber Defense / Compliance
Traditionally, the focus has been on protecting against digital threats such as malware, ransomware and phishing attacks by detecting and responding to them. However, as cyber threats become more sophisticated, there is growing recognition of the importance of measures that stop new attacks before they are recognized. For high-value assets, it is not good enough to have protection; it is essential to have some confidence in the effectiveness of that protection. With software, this kind of assurance is hard work, and this has led to a complementary approach called hardsec. What is Hardsec?…
The US Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure linked to a ransomware group called Dispossessor (aka Radar). As part of this effort, three servers in the US, three servers in the UK, 18 servers in Germany, eight criminal domains in the US and one criminal domain in Germany were dismantled. Dispossessor is said to be operated by an individual or individuals who go by the online alias “The Brain”. “Since its inception in August 2023, Radar/Dispossessor has rapidly evolved into an international ransomware group that targets and attacks small and medium-sized businesses and…
August 13, 2024 | Ravi Lakshmanan | Threat Intelligence / Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign masquerading as the Security Service of Ukraine to distribute malware with remote desktop access capabilities. The agency is tracking the activity as UAC-0198. It estimates that since July 2024, more than 100 computers have been infected, including those belonging to government agencies in the country. The attack chains involve mass email distribution to deliver a ZIP archive containing an MSI installer file that, when opened, deploys a malware called ANONVNC. ANONVNC, which is based on…