Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as CVE-

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure. Besides requesting invasive permissions to access call logs, camera, SMS messages, and external

The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. “SaaS Security on Tap” is a new video series that takes place in Eliana V's bar making sure that the only thing that leaks is beer (

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted in X (formerly

Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign

Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest iteration in an ongoing malware campaign that leverages compromised WordPress sites to serve

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also

Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration

The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against high-profile entities in Europe and Asia for nearly three

Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats?

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies.  Cyble, a renowned cyber threat intelligence company recognized for its research and findings, recently released its 

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware. "It's

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,

Google Adopts Passkeys as Default Sign-in Method for All Users

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms. "This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, simplifying your future sign-ins," Google's Sriram Karra and Christiaan

New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise

Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose mission is to build technology to defend children from sexual abuse. Research shared in the Emerging Online Trends in Child Sexual Abuse 2023 report, indicates that minors are increasingly taking and sharing sexual images of themselves. This activity may occur consensually or

Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries

A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan. The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name Grayling. Evidence shows that the campaign began in February 2023 and

New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards

A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. "In this campaign, all the victim websites we

libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks

A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as CVE-2023-43641 (CVSS score: 8.8), the issue is described as a case of memory corruption in libcue, a library designed for parsing cue sheet files. It impacts versions 2.2.1 and prior. libcue is incorporated into

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month, said adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-brand mobile and connected TV (CTV) devices on popular online retailers and resale sites that are backdoored with an 

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and

Webinar: How vCISOs Can Navigating the Complex World of AI and LLM Security

In today's rapidly evolving technological landscape, the integration of Artificial Intelligence (AI) and Large Language Models (LLMs) has become ubiquitous across various industries. This wave of innovation promises improved efficiency and performance, but lurking beneath the surface are complex vulnerabilities and unforeseen risks that demand immediate attention from cybersecurity professionals

"I Had a Dream" and Generative AI Jailbreaks

"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes. Initially published by Moonlock Lab, the screenshots of ChatGPT writing code for a keylogger malware is yet

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device

Security Patch for Two New Flaws in Curl Library Arriving on October 11

The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of an forthcoming update set for release on October 11, 2023. This includes a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues and the exact version

Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors

A Gaza-based threat actor has been linked to a series of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Microsoft, which revealed details of the activity in its fourth annual Digital Defense Report, is tracking the campaign under the name Storm-1133. "We assess this group works to further the interests of Hamas, a Sunni militant group that is

North Korea's Lazarus Group Launders $900 Million in Cryptocurrency

As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be subject to seizures and sanctions scrutiny, the crypto crime displacement to chain- or asset-hopping

Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike

Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial attack simulation software and post-exploitation toolkit.

New OS Tool Tells You Who Has Access to What Data

Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization’s assets, maintain customer trust, and meet regulatory requirements.  A

GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by secret scanning are active, thereby allowing for effective remediation measures. It was first

Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems. The seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, according to Binarly

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that “the law enforcement operation may not have impacted Qakbot operators’ spam delivery infrastructure but rather only their

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static user credentials for the root account that the company said is usually reserved for use during

Analysis and Config Extraction of Lu0Bot, a Node.js Malware with Considerable Capabilities

Nowadays, more malware developers are using unconventional programming languages to bypass advanced detection systems. The Node.js malware Lu0Bot is a testament to this trend. By targeting a platform-agnostic runtime environment common in modern web apps and employing multi-layer obfuscation, Lu0Bot is a serious threat to organizations and individuals. Although currently, the malware has low

Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack

A governmental entity in Guyana has been targeted as part of a cyber espionage campaign dubbed Operation Jacana. The activity, which was detected by ESET in February 2023, entailed a spear-phishing attack that led to the deployment of a hitherto undocumented implant written in C++ called DinodasRAT. The Slovak cybersecurity firm said it could link the intrusion to a known threat actor or group,

GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries

A new Android banking trojan named GoldDigger has been found targeting several financial applications with an aim to siphon victims' funds and backdoor infected devices. "The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications," Group-IB said. "There are indications that this threat might be poised to extend its reach across the wider APAC region and to

CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below - CVE-2023-42793 (CVSS score: 9.8) - JetBrains TeamCity Authentication Bypass Vulnerability CVE-

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed to the Chinese nation-state group APT41. On

Wing Disrupts the Market by Introducing Affordable SaaS Security

Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,500 a year. If the name Wing Security (Wing) rings a bell, it is probably because earlier this year,

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what's an instance of a typosquatting campaign. It was downloaded 704

Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance

Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report. "This allowed the

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader's processing of the GLIBC_TUNABLES

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107,

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [...] can lead to a full chain Remote

Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers

Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable – harbored an obfuscated

API Security Trends 2023 – Have Organizations Improved their Security Posture?

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications. However, this increased reliance on

Protecting your IT infrastructure with Security Configuration Assessment (SCA)

Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular security configuration assessments are essential in maintaining a secure and compliant environment, as this minimizes the risk of cyber attacks. The

Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection

Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers' websites, rendering the

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU Kernel Driver: All versions from r0p0 - r42p0 Valhall GPU Kernel Driver: All versions from r19p0 -

Microsoft is Rolling out Support for Passkeys in Windows 11

Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on FIDO standards, Passkeys were first announced in May

ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families

Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a new joint report. The actor, active since

Essential Guide to Cybersecurity Compliance

SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance?

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the other targeted prominent

Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic

How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network Effect Threat Report offers insights based on unique data from Fastly’s Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). This report

Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to "Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government,

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6,

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface," Securonix researchers Den