North Korean hackers exploit Chrome zero-day to deploy rootkit

August 30, 2024 at 01:06PM North Korean hackers exploited a Google Chrome zero-day, since patched, to deliver the FudModule rootkit, escalating to SYSTEM privileges through a Windows kernel exploit. Microsoft attributed the attacks to the North Korean threat actor Citrine Sleet, which is known for targeting the cryptocurrency sector for financial gain. The group is also associated with other …

Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign

August 30, 2024 at 09:45AM Researchers have discovered a sophisticated malware campaign that uses Google Sheets for command-and-control. The campaign targets organizations worldwide, impersonating tax authorities to distribute a bespoke information-gathering tool called Voldemort. The malware uses advanced techniques but also shows characteristics typical of cybercrime activity; Proofpoint researchers nonetheless assess that the campaign is likely espionage-driven …

U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks

August 29, 2024 at 07:48AM U.S. cybersecurity agencies have exposed an Iranian hacking group, Pioneer Kitten, that coordinates ransomware attacks in the U.S. and abroad, targeting sectors including education, finance, healthcare, defense, and local government. The group also uses fake HR websites to collect personal information, with surveillance threats aligned with the …

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking

August 28, 2024 at 02:34PM Threat actors are exploiting a critical remote code execution bug in Atlassian Confluence to turn cloud environments into cryptomining networks. Trend Micro uncovered attacks that drain resources by exploiting CVE-2023-22527 in Confluence Data Center and Server. The attackers use several delivery methods; Trend Micro recommends patching affected instances to prevent exploitation. …

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

August 28, 2024 at 08:56AM The FBI, CISA, and the Department of Defense Cyber Crime Center jointly warn network defenders of ongoing exploitation by an Iran-based group targeting U.S. and foreign organizations. The advisory details the threat actors’ tactics, techniques, and procedures and provides indicators of compromise. Organizations are urged to follow the recommended mitigations …

China’s Volt Typhoon Exploits 0-day in Versa’s SD-WAN Director Servers

August 28, 2024 at 05:13AM China’s Volt Typhoon group has been exploiting a zero-day bug in Versa Networks’ Director servers to harvest credentials for use in later attacks. The bug, tracked as CVE-2024-39717, affects versions before 22.1.4 and allows unauthorized access via exposed management ports, prompting CISA to issue mitigation directives. Lumen researchers state that exploitation is likely ongoing …

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

August 27, 2024 at 10:33AM Volt Typhoon, a China-based cyber espionage group, has been linked to the exploitation of a high-severity security flaw in Versa Director. The attacks targeted U.S. and non-U.S. victims in the ISP, MSP, and IT sectors. The flaw allows malicious file uploads, which could enable large-scale supply chain attacks. Recommendations include security mitigations and …

Constantly Evolving MoonPeak RAT Linked to North Korean Spying

August 23, 2024 at 05:12PM MoonPeak, a new variant of the XenoRAT malware with ties to North Korea’s Kimsuky group, is actively evolving and deploying complex command-and-control infrastructure. Its functional changes from the original XenoRAT make detection harder. Cisco Talos discovered the variant and analyzed its code modifications, infrastructure changes, and connections …

In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI

August 23, 2024 at 09:51AM SecurityWeek’s cybersecurity news roundup compiles the week’s significant stories, including fake domains targeting Cado Security and Android malware that enables ATM theft. Other highlights are QNAP’s enhanced NAS security, FlightAware’s data exposure, the FAA’s proposed airplane cybersecurity rules, Iranian hackers targeting U.S. entities, and vulnerabilities in Microsoft Entra …

‘Styx Stealer’ Blows Its Own Cover With Sloppy OpSec Mistake

August 21, 2024 at 04:39PM Check Point Research uncovered valuable information about the creator of Styx Stealer, a new malware tool, thanks to the threat actor’s operational security lapse. The researchers identified the malware author as an individual in Turkey with connections to the operator of an Agent Tesla campaign, …