News

Jun 03, 2023Ravie LakshmananEndpoint Security / Linux An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit.

Jun 02, 2023Ravie LakshmananBotnet / Malware Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. “Horabot enables the threat actor to control the victim’s Outlook mailbox, exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses

Jun 02, 2023Ravie LakshmananCyber Espionage / APT U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors’ use of social engineering tactics to strike think tanks, academia, and news media sectors. The “sustained information gathering efforts” have been attributed to a state-sponsored cluster dubbed Kimsuky, which is also

Jun 01, 2023Ravie LakshmananNetwork Security / Exploit The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall

May 31, 2023Ravie LakshmananNetwork Security / Zero Day Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A),

May 29, 2023Ravie LakshmananAuthentication / Mobile Security Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the

May 29, 2023Ravie LakshmananSupply Chain / Programming The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year. “Between now and the end of the year, PyPI will begin gating

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility,” Trend Micro said in a

May 26, 2023Ravie LakshmananData Safety / Cloud Security A new security flaw has been disclosed in the Google Cloud Platform’s (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. “The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin

May 26, 2023Ravie LakshmananEmail Security / Zero-Day Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company’s Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting

May 24, 2023Ravie LakshmananCyber Threat / Web Security At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson

May 23, 2023Ravie LakshmananCyber Threat / APT Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group’s activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting

May 22, 2023Ravie LakshmananData Protection / Privacy Facebook’s parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been

May 21, 2023Ravie LakshmananSoftware Security / Malware The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice. “The volume of malicious users and malicious projects being created on the index in

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.in

May 20, 2023Ravie LakshmananMobile Security / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as

May 19, 2023Ravie LakshmananZero-Day / Endpoint Security Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below – CVE-2023-32409 – A WebKit flaw that

May 18, 2023Ravie LakshmananNetwork Security / Vulnerability Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. “These vulnerabilities are due to improper validation of requests that are

May 16, 2023Ravie LakshmananNetwork Security / Threat Intel The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom

May 15, 2023Ravie LakshmananNetwork Security / SCADA Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week. The 11

May 12, 2023Ravie LakshmananNetwork Security / Malware As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. “Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into

May 13, 2023Ravie Lakshmanan A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. “Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates

May 12, 2023Ravie LakshmananCyber Threat / Malware Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics

A previously undetected advanced persistent threat (APT) actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. “Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine referendums,” Malwarebytes disclosed in a report published today. “Depending on the campaign,

May 10, 2023Ravie LakshmananPrivacy / Safety / Security Google unveiled a slew of new privacy, safety, and security features today at its annual developer conference, Google I/O. The tech giant’s latest initiatives are aimed at protecting its users from cyber threats, including phishing attacks and malicious websites, while providing more control and transparency over their

May 09, 2023Ravie LakshmananCyber Crime / DDoS Attack U.S. authorities have announced the seizure of 13 internet domains that offered DDoS-for-hire services to other criminal actors. The takedown is part of an ongoing international initiative dubbed Operation PowerOFF that’s aimed at dismantling criminal DDoS-for-hire infrastructures worldwide. The development comes almost five months after a “sweep”

May 08, 2023The Hacker NewsWebinar / Ransomware Are you concerned about ransomware attacks? You’re not alone. In recent years, these attacks have become increasingly common and can cause significant damage to organizations of all sizes. But there’s good news – with the right security measures in place, such as real-time MFA and service account protection,

May 06, 2023Ravie Lakshmanan Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The

May 06, 2023Ravie LakshmananAdvanced Persistent Threat An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. “The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload,

May 05, 2023Ravie LakshmananMobile Security / Android Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. “The malware features several malicious Android applications that mimic legitimate applications, most of which have