Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion

December 13, 2024 at 03:04AM
Trend Micro researchers examined a social engineering attack where an attacker impersonated a client during a Microsoft Teams call. The victim was tricked into downloading AnyDesk, allowing remote access, which facilitated the installation of DarkGate malware. The attack was ultimately stopped before any data exfiltration occurred, highlighting security vulnerabilities.

Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application

December 11, 2024 at 06:19AM
Ivanti announced patches for 11 vulnerabilities, including five critical-severity bugs affecting Cloud Services Application, Connect Secure, and Policy Secure. Notably, CVE-2024-11639, with a CVSS score of 10, allows authentication bypass. Users are urged to update their systems. No evidence of exploitation has been reported.

Ivanti warns of maximum severity CSA auth bypass vulnerability

December 10, 2024 at 02:45PM
Ivanti has alerted customers about a severe authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance, allowing attackers to gain admin access remotely. Users should upgrade to CSA 5.0.3. The company also patched other vulnerabilities but found no evidence of exploitation prior to disclosure.

Chinese hackers use Visual Studio Code tunnels for remote access

December 10, 2024 at 07:48AM
Chinese hackers are using Visual Studio Code tunnels to maintain persistent remote access to compromised IT service providers in Southern Europe, in a campaign dubbed ‘Operation Digital Eye.’ Initial access was gained through SQL injection, followed by various other techniques; SentinelLabs detected the activity, raising alarms about this emerging threat.

Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

December 10, 2024 at 06:54AM
A cyber espionage group linked to China has targeted IT service providers in Southern Europe, using Microsoft Visual Studio Code Remote Tunnels for command and control. Detected between June and July 2024, the attacks aimed to establish footholds for future data breaches, leveraging legitimate tools to evade detection, highlighted by …

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

December 9, 2024 at 01:18PM
Black Basta ransomware is evolving its tactics, using social engineering and various malware such as Zbot and DarkGate since October 2024. The group employs email bombing, impersonation on Microsoft Teams, and QR codes to target users. Its ultimate aims include credential harvesting and VPN file theft for further breaches.

Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’

December 5, 2024 at 08:13PM
Microsoft’s threat intelligence team reports that the China-linked group Storm-0227 is targeting critical infrastructure and US government agencies, leveraging public security vulnerabilities and spear-phishing tactics. Active since January, the group steals credentials and sensitive data, indicating significant and ongoing espionage efforts focused on the US defense, telecommunications, and legal sectors.

Hackers exploit ProjectSend flaw to backdoor exposed servers

November 27, 2024 at 04:04PM
A critical authentication bypass flaw (CVE-2024-11680) in ProjectSend allows attackers to exploit vulnerable versions to upload webshells and gain remote access. Despite a fix released on May 16, 2023, 99% of users remain vulnerable. Active exploitation has surged since September 2024, necessitating urgent updates to version r1750.

QNAP addresses critical flaws across NAS, router software

November 25, 2024 at 05:18PM
QNAP has issued security bulletins addressing multiple vulnerabilities, including three critical ones in Notes Station 3 and QuRouter. Users are urged to update to the latest versions to mitigate risks. Other products also received important fixes. QNAP advises against exposing devices directly to the Internet to prevent exploitation.

Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking

November 25, 2024 at 11:03AM
The myPRO system by mySCADA has critical vulnerabilities that allow remote attackers to gain control. Discovered by researcher Michael Heinzl, the flaws include OS command injection and improper authentication. mySCADA has released patches, but the exact number of vulnerable systems remains unclear. CISA reports no known exploitation to date.