Author: Admin

North Korean threat actors have used a fake Windows video conferencing application posing as FreeConference.com to shut down developers’ systems as part of an ongoing funding campaign called Contagious Interview. A new wave of attacks, spotted by Singapore-based Group-IB in mid-August 2024, is further evidence that this activity is also using proprietary installers for Windows and Apple macOS to deliver malware. Contagious Interview, also tracked as DEV#POPPER, is a malicious campaign orchestrated by a North Korean threat actor tracked by CrowdStrike under the alias Famous Chollima. The attack chains begin with a mock interview that forces job seekers to download…

September 4, 2024Ravi LakshmananVulnerability / Mobile Security Google has released monthly security updates for its Android operating system aimed at fixing a known security flaw that it says has been widely exploited in the wild. The high severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), involves an elevation of privilege instance in an Android Framework component. According to description about the bug in the NIST National Vulnerability Database (NVD), it’s a logic bug that can lead to a local elevation of privilege without requiring any additional execution privileges. “There are indications that CVE-2024-32896 may be in limited, targeted exploitation,” Google…

September 4, 2024Ravi Lakshmanan A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been used in the wild in an attempt to infiltrate downstream organizations. Codenamed Revival Hijack, JFrog, a software supply chain security company, said the attack method could be used to hijack 22,000 existing PyPI packages and lead to “hundreds of thousands” of malicious package downloads. These sensitive packages have more than 100,000 downloads or have been active for more than six months. “This attack method involves capturing PyPI software packages by manipulating their ability to be re-registered after they have been removed…

September 4, 2024Ravi LakshmananVulnerability / Network Security Zyxel has released software updates to address a critical security flaw affecting certain versions of access points (APs) and security routers that could lead to the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS Score: 9.8), the vulnerability was described as an operating system (OS) command injection case. “Improper neutralization of special elements in the ‘host’ parameters in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device,” Zyxel said. said in the consulting room.…

September 4, 2024Hacker newsSaaS Security / Browser Security Account hijacking attacks have become one of the most persistent and damaging threats to SaaS cloud environments. However, despite significant investment in traditional security measures, many organizations continue to struggle to prevent these attacks. A new report, “Why account hijacking attacks still succeed and why your browser is your secret weapon for stopping them” states that the browser is the primary battleground where account hijacking attacks are deployed and therefore where they must be neutralized. The report also provides effective recommendations to reduce the risk of account hijacking. Below are some of…

September 4, 2024Ravi LakshmananGDPR / Privacy The Dutch Data Protection Authority (DPA) has fined facial recognition firm Clearview AI €30.5 million ($33.7 million) for violating the General Data Protection Regulation (GDPR) in the European Union (EU) by creating “illegal database”. with billions of photos of faces,” including citizens of the Netherlands. “Facial recognition is a very intrusive technology that you can’t just apply to anyone in the world,” Dutch DPA chairman Aleid Wolfsen said in a statement to the press. “If there is a picture of you on the Internet – doesn’t that concern all of us? – then you…

September 4, 2024Ravi LakshmananMalware / Network Security A new malware campaign is spoofing Palo Alto Networks’ GlobalProtect VPN software to deliver a variant of WikiLoader (aka WailingCrab) using a search engine optimization (SEO) campaign. The malware observed in June 2024 is a departure from previously observed tactics where malware was distributed via traditional phishing emails, Unit 42 researchers Mark Lim and Tom Marsden note said. WikiLoader, documented for the first time Proofpoint in August 2023 was attributed to a threat known as TA544 with email attacks using the Danabot and Ursnif malware to deploy. Then in April of this year,…

September 3, 2024Ravi LakshmananEndpoint Security / Malware Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that bears similarities to the now-defunct Black Cat (aka ALPHV) operation. “The Cicada3301 ransomware appears to primarily target small and medium-sized businesses (SMBs), likely through opportunistic attacks that use vulnerabilities as an initial access vector,” cybersecurity firm Morphisec said. said in a technical report shared with The Hacker News. Written in Rust and able to target both Windows and Linux/ESXi hosts, Cicada3301 first appeared in June 2024 inviting potential partners to join their ransomware-as-a-service (RaaS) platform through an advertisement…

September 3, 2024Ravi LakshmananRansomware/Malware A hacktivist group known as Mare’s head was linked to cyber attacks aimed exclusively at organizations located in Russia and Belarus. “Head Mare uses more advanced methods to gain initial access,” Kaspersky said in an analysis of the group’s tactics and tools on Monday. “For example, attackers took advantage of a relatively recent one CVE-2023-38831 a vulnerability in WinRAR that allows an attacker to execute arbitrary code on the system via a specially crafted archive. This approach allows the group to more efficiently deliver and mask malicious payloads.” Head Mare, which has been active since 2023,…

Mobile users in Brazil are being targeted by a new malware campaign that is delivering a new Android banking trojan called Rocinante. “This malware family is able to perform keylogging using the Accessibility Service and can also steal identifying information from its victims using phishing screens, impersonating various banks,” Dutch security firm ThreatFabric said. “Finally, it can use all of this filtered information to perform Device Control (DTO) by using Accessibility Service privileges to achieve full remote access to the infected device.” Some of the known malware targets include financial institutions such as Itaú Shop, Santander, with fake programs…
