Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers said in a report last week. "The observed activity aligns with geopolitical goals of

New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi, and infrastructure," Palo Alto

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. "This

Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering

A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates,"

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensitive information, specifically related to politicians, military activities, and ministries of foreign

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42

Russian Hackers Targeted Petroleum Refinery in NATO Country During Ukraine War

The Russia-linked Gamaredon group attempted to unsuccessfully break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple intrusions orchestrated by the advanced persistent threat (APT) that's attributed to Russia's Federal Security Service (FSB).

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site

Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware

Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan (RAT) known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to

Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo

Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF

In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides services to over 70,000 organizations in 150