Cybersecurity News
Apr 24th, 2024 - Networking Giant Dubs Campaign Against Government Customers 'Arcane Door' Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday. The company released three patches - two of them rated critical - for devices running Adaptive Security Appliance and Cisco Firepower Threat Defense software. Cisco said it spotted hackers implanting malware and potentially stealing data from infected devices. It dubbed the campaign ... [Read More]
Source: cuinfosecurity.com
Apr 24th, 2024 - CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices. The documents, which have been injected with the malware through the "ctrlpanel.exe" file in 2018, may have been leveraged as lures to facilitate further compromise, according to a report from Cisco Talos' ... [Read More]
Source: scmagazine.com
Apr 24th, 2024 - No matter how confident you are that you won't get fooled by an online scam, you can never be too careful when opening texts and emails from unknown senders. That's doubly true for Verizon customers right now, as a new phishing campaign targeting the carrier's subscribers is currently making the rounds, as noted by cybersecurity firm Fortra . According to Fortra (via FOX59 News ), the proprietors of this campaign have been sending out emails that look legitimate at first glance. In fact, these ... [Read More]
Source: bgr.com
Apr 24th, 2024 - The Chinese APT group is using a variety of tools to infiltrate networks and steal large amounts of data. ToddyCat, a Chinese advanced persistent threat (APT) group that has been targeting Asian and European government and military organizations over the past four years, is using several different traffic tunneling tools to ensure persistent access to compromised networks, according to researchers at Kaspersky Lab. The group's primary goal is the exfiltration of large volumes of sensitive ... [Read More]
Source: csoonline.com
Apr 24th, 2024 - Cisco Systems Inc. today warned that a suspected national-state actor has been actively targeting two previously unknown security vulnerabilities in Cisco products since November to breach government networks. The campaign, dubbed "ArcaneDoor" and tracked as UAT4356, was first detected by Cisco when it was contacted by a customer earlier this year. The customer reported suspicious activity on its Cisco Adaptive Security Appliances. Subsequent investigation identified additional victims, all of ... [Read More]
Source: siliconangle.com
Apr 23rd, 2024 - eScan AV updates were delivered over HTTP for five years. Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet. The unknown hackers, who may have ties to the North Korean government, pulled off this feat by performing a man-in-the-middle (MiitM) attack that replaced the genuine update with a ... [Read More]
Source: arstechnica.com
Apr 23rd, 2024 - For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more. "Microsoft has observed Forest Blizzard using GooseEgg as part of ... [Read More]
Source: helpnetsecurity.com
Apr 22nd, 2024 - Information-stealing trojan RedLine Stealer has gained a more advanced variant leveraging the Lua bytecode and spoofing game cheats to facilitate increased stealth, The Hacker News reports. Attacks involved the exploitation of GitHub to enable the delivery of a ZIP archive masquerading as a game cheat, including an MSI installer that would run malicious Lua bytecode, which would prevent PowerShell, JScript, and other familiar scripts while concealing malicious strings, a report from McAfee Labs ... [Read More]
Source: scmagazine.com
Apr 22nd, 2024 - Recently, researchers uncovered a significant threat dubbed Spectre v2, a variant of the notorious Spectre attack, targeting Linux systems running on modern Intel processors. Let's delve into the intricacies of this exploit, its implications, and the measures being taken to mitigate its impact. Spectre v2 Attack Details The first native Spectre v2 exploit was revealed by researchers from the VUSec group at VU Amsterdam. This exploit capitalizes on a speculative execution ... [Read More]
Source: securityboulevard.com
Apr 18th, 2024 - A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments. Kubernetes environments have come under attack in a campaign exploiting vulnerabilities in OpenMetadata, Microsoft revealed Wednesday. The Microsoft Threat Intelligence report described how attackers leveraged five recently disclosed bugs in the open-source metadata management platform to deploy cryptominers on Kubernetes clusters since the beginning of April. OpenMetadata enables metadata to be ... [Read More]
Source: scmagazine.com
Apr 24th, 2024 - Networking Giant Dubs Campaign Against Government Customers 'Arcane Door' Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday. The company released three patches - two of them rated critical - for devices running Adaptive Security Appliance and Cisco Firepower Threat Defense software. Cisco said it spotted hackers implanting malware and potentially stealing data from infected devices. It dubbed the campaign ... [Read More]
Source: cuinfosecurity.com
Apr 24th, 2024 - CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices. The documents, which have been injected with the malware through the "ctrlpanel.exe" file in 2018, may have been leveraged as lures to facilitate further compromise, according to a report from Cisco Talos' ... [Read More]
Source: scmagazine.com
Apr 24th, 2024 - No matter how confident you are that you won't get fooled by an online scam, you can never be too careful when opening texts and emails from unknown senders. That's doubly true for Verizon customers right now, as a new phishing campaign targeting the carrier's subscribers is currently making the rounds, as noted by cybersecurity firm Fortra . According to Fortra (via FOX59 News ), the proprietors of this campaign have been sending out emails that look legitimate at first glance. In fact, these ... [Read More]
Source: bgr.com
Apr 24th, 2024 - The Chinese APT group is using a variety of tools to infiltrate networks and steal large amounts of data. ToddyCat, a Chinese advanced persistent threat (APT) group that has been targeting Asian and European government and military organizations over the past four years, is using several different traffic tunneling tools to ensure persistent access to compromised networks, according to researchers at Kaspersky Lab. The group's primary goal is the exfiltration of large volumes of sensitive ... [Read More]
Source: csoonline.com
Apr 24th, 2024 - Cisco Systems Inc. today warned that a suspected national-state actor has been actively targeting two previously unknown security vulnerabilities in Cisco products since November to breach government networks. The campaign, dubbed "ArcaneDoor" and tracked as UAT4356, was first detected by Cisco when it was contacted by a customer earlier this year. The customer reported suspicious activity on its Cisco Adaptive Security Appliances. Subsequent investigation identified additional victims, all of ... [Read More]
Source: siliconangle.com
Apr 23rd, 2024 - eScan AV updates were delivered over HTTP for five years. Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet. The unknown hackers, who may have ties to the North Korean government, pulled off this feat by performing a man-in-the-middle (MiitM) attack that replaced the genuine update with a ... [Read More]
Source: arstechnica.com
Apr 23rd, 2024 - For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more. "Microsoft has observed Forest Blizzard using GooseEgg as part of ... [Read More]
Source: helpnetsecurity.com
Apr 22nd, 2024 - Information-stealing trojan RedLine Stealer has gained a more advanced variant leveraging the Lua bytecode and spoofing game cheats to facilitate increased stealth, The Hacker News reports. Attacks involved the exploitation of GitHub to enable the delivery of a ZIP archive masquerading as a game cheat, including an MSI installer that would run malicious Lua bytecode, which would prevent PowerShell, JScript, and other familiar scripts while concealing malicious strings, a report from McAfee Labs ... [Read More]
Source: scmagazine.com
Apr 22nd, 2024 - Recently, researchers uncovered a significant threat dubbed Spectre v2, a variant of the notorious Spectre attack, targeting Linux systems running on modern Intel processors. Let's delve into the intricacies of this exploit, its implications, and the measures being taken to mitigate its impact. Spectre v2 Attack Details The first native Spectre v2 exploit was revealed by researchers from the VUSec group at VU Amsterdam. This exploit capitalizes on a speculative execution ... [Read More]
Source: securityboulevard.com
Apr 18th, 2024 - A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments. Kubernetes environments have come under attack in a campaign exploiting vulnerabilities in OpenMetadata, Microsoft revealed Wednesday. The Microsoft Threat Intelligence report described how attackers leveraged five recently disclosed bugs in the open-source metadata management platform to deploy cryptominers on Kubernetes clusters since the beginning of April. OpenMetadata enables metadata to be ... [Read More]
Source: scmagazine.com
You May Also Like…
Understanding the Change Healthcare Breach
The Change Healthcare breach represents a pivotal moment in healthcare cybersecurity, with its extensive effects felt across hospitals and health systems nationwide. Orchestrated by the...
Proposed $1.4B to Help Hospitals Improve Their Cybersecurity
Biden’s 2025 Proposed $7.3 trillion Budget: $1.4B to Help Hospitals Improve Their Cybersecurity President Biden recently unveiled the draft 2025 budget, which allocates $1.3B in funding for...
50 Companies that will be Hacked in 2024
Introduction ProcessBolt ThreatScape is an attack surface monitoring tool that uses publicly available information to analyze the strength of an organization’s information security program....