Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers

As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the devices and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured

New Woody RAT Malware Being Used to Target Russian Organizations

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) in

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage

A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch

Three Common Mistakes That May Sabotage Your Security Training

Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. The Need for Security Awareness Training  Although technical solutions protect against phishing threats, no solution is 100% effective. Consequently, companies have no choice but to involve their

Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8)

Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour

A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key Encapsulation — which made it to the fourth round of the Post-Quantum Cryptography (PQC) standardization

VirusTotal Reveals Most Impersonated Software in Malware Attacks

Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the

On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis.  Nearly 60% of enterprises can’t find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study.  The result? Heavier workloads, unfilled positions, and

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle (AitM) attack technique capable of bypassing multi-factor authentication," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu said in a Tuesday report. "The campaign is

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

Researchers have disclosed a new offensive framework referred to as Manjusaka that they call is a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in Golang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider

New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications

Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm

What is ransomware and how can you defend your business from it?

Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys

Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively

Two Key Ways Development Teams Can Increase Their Security Maturity

Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew

Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, while also administering the tool from 2013 until its shutdown in 2019 as part

Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers

The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. <!--adsense--> The findings

Stop Putting Your Accounts At Risk, and Start Using a Password Manager

Image via Keeper Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest exploits is cracking a weak password. That’s why using a strong, unique

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name 

CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras.  Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the

Researchers Warn of Increase in Phishing Attacks Using Decentralized IPFS Network

The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the spam campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity

Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain

Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said.

Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default

With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News, calling it "

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the

Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin

MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale.In an environment where there are thousands of potential alerts each day and cyberattacks are growing rapidly in frequency and sophistication, this isn’t an easy balance to maintain. Customers

LibreOffice Releases Software Update to Patch 3 New Vulnerabilities

The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems. Tracked as CVE-2022-26305, the issue has been described as a case of improper certificate validation when checking whether a macro is signed by a trusted author, leading to the execution of

U.S. Offers $10 Million Reward for Information on North Korean Hackers

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or

These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous

New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation.  "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure

Taking the Risk-Based Approach to Vulnerability Patching

Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation.Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or

Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access

Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target

Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware

Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what's the very first ransomware bug bounty program,

4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This

Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers

FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty

SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware

An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. <!--adsense--> Amadey, a

Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10

Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers

An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated Unified Extensible Firmware Interface (UEFI) firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today

Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch

Racoon Stealer is Back — How to Protect Your Organization

The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of

Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in

Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause'

Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. "Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios," the company said in an update on July

Google Bringing the Android App Permissions Section Back to the Play Store

Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google Play useful, and

An Easier Way to Keep Old Python Code Healthy and Secure

Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of

Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health

Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk,"

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive and active

Hackers Target Ukrainian Software Company Using GoMet Backdoor

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade

The New Weak Link in SaaS Security: Devices

Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, whether their phones or laptops, etc., to get their jobs done. If the device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so,

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "