By relying on backdoors, the group is able to maintain its presence on the victim’s network and is known to create a RAR archive for exfiltration and removal of evidence.
The Internet Systems Consortium (ISC) last week announced the availability of patches for six vulnerabilities in the widely deployed BIND DNS software, all remotely exploitable.
Microsoft released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network.
The threat actor behind the Uber hack, which goes online by the moniker Tea Pot (aka teapotuberhacker), also claimed to have Rockstar Games, the gaming firm behind GTA 6.
Cyber adversaries have taken over enterprise Exchange Servers to launch a spam campaign aimed at signing people up for bogus subscriptions. The investigation revealed that the threat actors leveraged unsecured administrator accounts to gain initial access to highly vulnerable accounts that aren’t MFA enabled.
A massive operation that has reportedly siphoned millions of USD from credit cards since its launch in 2019 has been exposed and is considered responsible for losses for tens of thousands of victims.
Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber-attacks, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country's second-largest telecoms firm.
An Elasticsearch server belonging to a healthcare software provider in India is currently exposing the Covid antigen test results of Indians and foreign nationals who traveled to or from India in the last couple of years.
The BlackCat ransomware gang is now attacking targets with an upgraded version of its data exfiltration tool, named Exmatter, adding more stealth to its operation. Further, it has added 'Eraser' feature to corrupt processed files along with 'Self-destruct' configuration option to delete and quit if it runs in a non-valid environment.
Firmware security company Binarly has discovered another round of potentially serious firmware vulnerabilities that could allow an attacker to gain persistent access to any of the millions of affected devices.
The main customers of the gang were pro-Kremlin propagandists who used the compromised accounts in disinformation campaigns aimed at destabilizing the political contest in Ukraine and other countries.
Unit 42 researchers spotted 12,197 cases of domain shadowing between April and June. The phishing campaign compromised 16 domains to build 649 sub-domains. Shadow domains are difficult for the victims to detect because they do not interfere with the regular operations of the hacked domains. According to Unit 42, show more ... it is challenging to identify bogus domains without the aid of automated machine learning algorithms that can examine a significant volume of DNS logs.
The security flaw, tracked as CVE-2022-39239, allowed an attacker to bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images.
In a new malspam campaign, someone posing as a Malaysian prospect and using a fairly odd variety of English, asks the recipient to review some customer requirements and get back with the requested documents.
As the airline said in filings with the Office of the New Hampshire Attorney General, after receiving these phishing reports, American's CIRT discovered unauthorized activity in the company's Microsoft 365 environment.
Immunefi has raised $24 million as part of its Series A round led by Framework Ventures. Other investors include Samsung Next, Electric Capital, and Polygon Ventures. That brings its total raised to now $29.5 million.
Security researchers at AhnLab Security Emergency Response Center (ASEC) say that TargetCompany (aka FARGO) is one of the most prominent ransomware strains that focus on MS-SQL servers, along with GlobeImposter.
The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is expected to continue until at least the beginning of 2025, after which a Google account will be mandatory for using the devices.
The packages in question were published from the npm account of a dYdX staff member and found to contain illicit code that would run infostealers on a system when installed.
The intrusions involved the exploitation of CVE-2022-1040 and CVE-2022-30190 (aka "Follina"), two remote code execution vulnerabilities in Sophos Firewall and Microsoft Office, respectively.
The infection vector of NullMixer is based on a ‘User Execution’ malicious link that requires the end user to click on and download a password-protected ZIP/RAR archive with a malicious file that is extracted and executed manually.
The UK Information Commissioner’s Office (ICO) announced on Monday that it had issued TikTok with a “notice of intent” which is a legal document that TikTok is allowed to respond to ahead of a potential fine.
The new data corruption tactic was identified in a new BlackCat ransomware attack and analyzed by the Cyderes Special Operations team and the Stairwell Threat Research team.
Ubuntu Security Notice 5637-1 - It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service.
Gentoo Linux Security Advisory 202209-15 - Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 11.0.2 are affected.
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. show more ... GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
Ubuntu Security Notice 5636-1 - It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.
The WiFi Mouse (Mouse Server) from Necta LLC contains an authentication bypass as the authentication is completely implemented entirely on the client side. By utilizing this vulnerability, is possible to open a program on the server (cmd.exe in our case) and type commands that will be executed as the user running WiFi show more ... Mouse (Mouse Server), resulting in remote code execution. Tested against versions 1.8.3.4 (current as of module writing) and 1.8.2.3.
Veritas Backup Exec Agent supports multiple authentication schemes and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but had not yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized access to the BE Agent show more ... and execute an arbitrary OS command on the host with NT AUTHORITYSYSTEM or root privileges depending on the platform. The vulnerability presents in 16.x, 20.x and 21.x versions of Backup Exec up to 21.2 (or up to and including Backup Exec Remote Agent revision 9.3).
Gentoo Linux Security Advisory 202209-14 - Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties. Versions less than 6.4.22 are affected.
Backdoor.Win32.Augudor.b malware suffers from a code execution vulnerability.
Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.
WordPress Forym plugin version 1.5.7 suffers from a cross site scripting vulnerability.
Gentoo Linux Security Advisory 202209-13 - Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service. Versions less than or equal to 2.0.2-r3 are affected.
WordPress Sabai Discuss plugin version 1.4.13 suffers from a cross site scripting vulnerability.
Gentoo Linux Security Advisory 202209-12 - Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Versions less than 2.06 are affected.
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.
Gentoo Linux Security Advisory 202209-11 - Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution. Versions less than 4.4.0 are affected.
WooCommerce plugin BRW Booking Rental version 1.3.1 from Ovatheme suffers from a cross site scripting vulnerability.
Backdoor.Win32.Psychward.b malware suffers from a hardcoded credential vulnerability.
Gentoo Linux Security Advisory 202209-10 - A vulnerability has been discovered in Logcheck's ebuilds which could allow for root privilege escalation. Versions less than or equal to 1.3.23 are affected.
Gentoo Linux Security Advisory 202209-9 - Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution. Versions less than 4.2.1 are affected.
Backdoor.Win32.Bingle.b malware suffers from a hardcoded credential vulnerability.
Ubuntu Security Notice 5635-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered show more ... that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
Active eCommerce CMS version 6.3.0 suffers from a cross site scripting vulnerability.
Active eCommerce CMS version 6.3.0 suffers from an arbitrary file download vulnerability.
Gentoo Linux Security Advisory 202209-8 - Multiple vulnerabilities have been discovered in Smokeping, the worst of which could result in root privilege escalation. Versions less than or equal to 2.7.3-r1 are affected.
Ukrainian law enforcement authorities on Friday disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems
A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan
The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec
Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally,
Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported show more ... hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn
Graham Cluley Security News is sponsored this week by the folks at Pentera. Thanks to the great team there for their support! Leaked and stolen credentials continue to pose a critical risk to organizations globally. In fact, 65% of breaches involve leaked credentials taken from the dark web and other sources. While show more ... threat intelligence tools … Continue reading "See how Pentera identifies and mitigates the risk of your most exploitable exposed credentials"
Politicians including Portugese president Marcelo Rebelo de Sousa are amongst those who have had their personal information leaked following an attack by the notorious Ragnar Locker gang against the country's national airline TAP. Read more in my article on the Hot for Security blog.
Users of Revolut, the popular banking app, would be wise to be on their guard - as scammers are sending out barrages of SMS text messages, posing as official communications from the financial firm.
Could the 16-year-old arrested in Oxford in March now be the 17-year-old arrested in Oxfordshire and charged with breaching his bail conditions?
