Author: Admin

For years, the security of a company’s systems has been synonymous with the security of its “perimeter.” There was what was safe “inside” and a dangerous outside world. We’ve built robust firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls will keep our data and systems safe. The problem is that we no longer operate within the confines of physical premises and controlled networks. Data and applications now reside in distributed cloud environments and data centers that users and devices can access from anywhere on the planet. The walls crumbled and the perimeter dissolved, opening…

October 3, 2024Ravi LakshmananLinux / Malware Linux servers are being targeted by an ongoing campaign that delivers stealthy malware called perfect with the main purpose of launching cryptocurrency miner and hacking software. “Perfctl is particularly elusive and persistent, using several sophisticated techniques,” Aqua security researchers Assaf Morag and Idan Reviva said in a report shared with The Hacker News. “When a new user logs into a server, they immediately stop all ‘noisy’ activity, lying dormant until the server is idle again. Once executed, it deletes the binary and continues to run quietly in the background as a service.” It should…

October 3, 2024Ravi LakshmananCyber ​​espionage / threat intelligence Threat actors linked to North Korea have been spotted delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and possibly other Southeast Asian countries. Activity, duplicate COVERED#SLEEP by Securonix, is considered handiwork APT37who is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima, Ruby Sleet and ScarCruft. Active since at least 2012, the controversial outfit is believed to be part of North Korea’s Ministry of State Security (MSS). Like other North Korea-linked state groups, including the Lazarus Group and Kimsuky, they vary in…

October 3, 2024Ravi LakshmananCyber ​​Crime / Financial Fraud Interpol has announced eight arrested in Ivory Coast and Nigeria in crackdown on phishing and romance cyber scams. The initiative, called Operation Contender 2.0, is designed to combat cybercrime in West Africa, the agency said. One such threat was a large-scale phishing scam targeting Swiss citizens that resulted in over $1.4 million in financial losses. Cybercriminals posed as shoppers on small advertising websites and used QR codes to direct victims to fraudulent websites imitating a legitimate payment platform. This allowed victims to inadvertently enter personal information such as credentials or card numbers.…

October 3, 2024Ravi LakshmananCybercrime / Ransomware A new wave of international law enforcement has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside Russia, two individuals in the UK who allegedly supported the branch, and the administrator of a bulletproof hosting in Spain used by the Europol ransomware group said in the statement. In connection with this, the authorities released a Russian…

October 3, 2024Ravi LakshmananEndpoint Vulnerability / Security The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw affecting the Endpoint Manager (EPM), which the company patched in May for its known exploits (KEV) catalog based on evidence of active operation. Vulnerability, tracked as CVE-2024-29824has a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. “Unspecified SQL Injection vulnerability in Ivanti EPM Core Server 2022 SU5 and earlier versions allows unauthenticated attackers on the same network to execute arbitrary code,” the software services provider said. said in a recommendation published on May 21,…

A large-scale fraud campaign used fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to trick victims findings from Group-IB. The company is part of a consumer investment fraud scheme, also commonly known as butchering of pigsin which potential victims are lured into investing in cryptocurrency or other financial instruments after gaining their trust under the guise of a romantic relationship or investment advisor. Such manipulative and social engineering operations often end up with victims losing their funds, and in some cases extorting even more money from them by asking for…

October 2, 2024Ravi LakshmananCyber ​​Espionage / Cloud Security A previously undocumented threat actor called CeranaKeeper has been linked to a series of data theft attacks targeting Southeast Asia. Slovakian cybersecurity firm ESET, which monitored campaigns targeting government agencies in Thailand starting in 2023, attributed this cluster of activity as relevant to China, using tools previously identified as being used by Mustang Panda an actor. “The group is constantly updating its backdoor to avoid detection and diversifying its methods to aid mass data theft,” – Romain Dumont, security researcher. said in an analysis published today. “CeranaKeeper abuses popular legitimate cloud and…

October 2, 2024Ravi LakshmananCyber ​​Crime / Threat Intelligence A phishing email campaign targeting recruiters with a JavaScript backdoor called More_eggs has been spotted, indicating a persistent effort to highlight the sector under the guise of fake lures for job applicants. “A sophisticated phishing lure forced a recruiter to download and run a malicious file disguised as a resume, leading to the more_eggs backdoor infection,” Trend Micro researchers Ryan Sullivan, Maria Emrin Virey and Fe Kureg said in the analysis. Marketed as Malware as a Service (MaaS), More_eggs is malware that has the ability to steal credentials, including those associated with…

October 2, 2024Ravi LakshmananVulnerability / Network Security Just over a dozen new security vulnerabilities have been discovered in residential and corporate routers manufactured by DrayTek that could be used to hijack vulnerable devices. “These vulnerabilities could allow attackers to take control of a router by injecting malicious code, allowing them to remain on the device and use it as a gateway to corporate networks,” according to a Forescout Vedere Labs technical report shared with The Hacker News. Of the 14 security flaws, two are rated critical, nine are rated high, and three are rated moderate. The most critical of the…