Month: August 2023

0 Comments
A recent survey conducted by Jamf, a provider of enterprise-level management and security solutions for Apple ecosystems, has revealed that 49% of European enterprises are operating without a formal Bring-Your-Own-Device (BYOD) policy.  This statistic indicates that a significant portion of organizations across Europe lack visibility and control over the devices – whether personal or work-related
0 Comments
Aug 31, 2023THNMalware / Cyber Threat An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants. “Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the
0 Comments
A new security flaw has been discovered in the widely used All-in-One WP Migration Extensions plugin, potentially leaving millions of WordPress websites vulnerable to unauthorized access token manipulation. The All-in-One WP Migration plugin, a popular tool for seamlessly migrating WordPress websites, boasts over 60 million installations. The plugin offers premium extensions, including those for Box,
0 Comments
Aug 30, 2023THNMobile Security / Malware A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud. “The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also
0 Comments
The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations.  Writing in an advisory published last Friday, Kaspersky researchers Eduardo Ovalle and Francesco Figurelli have provided insights into the consequences of this breach, shedding light on the array of LockBit 3.0 derivatives. LockBit 3.0, also known as
0 Comments
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as “highly responsive
0 Comments
The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This
0 Comments
Aug 28, 2023THNVulnerability / Active Directory Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens,”
0 Comments
The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers
0 Comments
Aug 26, 2023THNData Breach / SIM Swapping Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a “highly sophisticated” SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee’s T-Mobile account, the company said. “Specifically, T-Mobile, without any authority from or
0 Comments
Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply
0 Comments
The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused. Text pest cases occur when an individual gives their personal details, including phone number or email, to a business for legitimate reasons. However, someone working
0 Comments
Aug 24, 2023THNCyber Attack / Hacking The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco
0 Comments
The notorious XLoader malware has resurfaced, posing as a seemingly innocuous office productivity app named “OfficeNote.” Known for its malicious activities since 2015, XLoader started targeting macOS systems in 2021, leveraging Java dependencies for its operation. However, according to an advisory published by SentinelOne on Monday, this new iteration is self-sufficient, programmed in C and
0 Comments
Aug 23, 2023THNCryptocurrency / Cyber Attack The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as TraderTraitor, which is also
0 Comments
Cybersecurity-as-a-Service provider Critical Insight has unveiled its 2023 H1 Healthcare Data Breach Report, offering insights into the cybersecurity landscape of the healthcare sector.  The analysis is based on reported data breaches from healthcare organizations to the US Department of Health and Human Services (HHS). The report notes an overall decrease of 15% in total breaches
0 Comments
by Paul Ducklin Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to
0 Comments
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at
0 Comments
Cyber-criminals have been exploiting fraudulent artificial intelligence (AI) bots to attempt and install malicious software under the guise of genuine AI applications. According to a new advisory published by ESET security researchers, the campaign came to light when an advertisement on Facebook promoted the download of what seemed to be the latest version of Google’s
0 Comments
Aug 21, 2023THNVulnerability / Cyber Threat A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.
0 Comments
A collaborative effort led by Interpol, known as Africa Cyber Surge II, has yielded significant results in combating cybercrime across the African continent.  The joint initiative, supported by international and national law enforcement agencies alongside private sector cybersecurity companies, has led to the successful arrest of 14 suspected cyber-criminals. The operation also identified over 20,000
0 Comments
Aug 19, 2023THNNetwork Security / Vulnerability Networking hardware company Juniper Networks has released an “out-of-cycle” security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in severity.
0 Comments
A significant phishing campaign employing QR codes has recently come to light, with a major US-based energy company as one of the primary targets.  The campaign, which began in May 2023, has witnessed a 2400% surge in volume since then, underscoring the urgency of addressing this emerging threat. Cybersecurity company Cofense has been closely monitoring