New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

January 1, 2024 at 09:18AM Security researchers have uncovered a new DLL search order hijacking technique that allows threat actors to execute malicious code on Windows 10 and 11. By leveraging trusted WinSxS folder executables, adversaries can bypass security mechanisms and introduce potentially vulnerable binaries into the attack chain. Security Joes urges organizations to closely …

New JinxLoader Targeting Users with Formbook and XLoader Malware

January 1, 2024 at 02:00AM JinxLoader, a new Go-based malware loader, has been identified as a method used by threat actors to deliver next-stage payloads such as Formbook and XLoader. Cybersecurity firms highlighted its use in multi-step attack sequences via phishing emails impersonating Abu Dhabi National Oil Company, leading to a surge in infections and …

The Week in Ransomware – December 29th 2023 – LockBit targets hospitals

December 29, 2023 at 03:40PM Summary: This week, there was minimal research on ransomware, with focus on new attacks and LockBit affiliates targeting hospitals. Notable incidents include Yakult Australia’s cyber incident, Ohio Lottery’s system shutdown, LockBit attacks on German hospitals, and new ransomware variants discovered by PCrisk. Microsoft again disabled a protocol handler due to …

Ivanti releases patches for 13 critical Avalanche RCE flaws

December 20, 2023 at 01:10PM Ivanti released security updates fixing 13 critical vulnerabilities in their Avalanche enterprise mobile device management (MDM) solution. The flaws relate to buffer overflows. Unauthenticated attackers could exploit them for remote code execution. All issues were resolved in Avalanche v6.4.2.313. CISA and NCSC-NO have expressed concern about potential widespread exploitation in …

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

December 20, 2023 at 05:57AM Chinese-speaking threat actors, known as Smishing Triad, have impersonated the UAE Federal Authority for Identity and Citizenship to send malicious SMS messages aimed at gathering sensitive information. They utilize URL-shortening services and fake websites. The group also offers smishing kits for sale and engages in Magecart-style attacks. Another disclosure involves …

2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS

December 19, 2023 at 07:51AM A joint report by the Justice Department and Department of Homeland Security confirms cyberattacks during the 2022 US mid-term election, including activities linked to Russia and China. Despite these efforts, there is no evidence of significant impact on election integrity or security. A separate report by the ODNI examines foreign …

New Rhadamanthys stealer version enhances features, evasion

December 17, 2023 at 04:44PM The developers of Rhadamanthys malware have released two major versions, enhancing its information-stealing capabilities. Sold via subscription, it’s distributed through various channels. Check Point’s analysis of version 0.5.0 revealed a new plugin system, improved stub construction, and targeted crypto apps. Version 0.5.1 introduces a new Clipper plugin and other advanced …

Qbot malware returns in campaign targeting hospitality industry

December 17, 2023 at 04:44PM The QakBot malware, previously disrupted by law enforcement, has resurfaced in new phishing campaigns. Microsoft warns of email phishing attacks impersonating IRS employees, distributing QakBot via a malicious PDF file. The malware, initially a banking trojan, has evolved into a delivery service for ransomware attacks and data theft, using various …

Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

December 15, 2023 at 06:42AM Threat actors are exploiting a critical remote code execution flaw in internet-accessible Apache Struts 2 instances. Tracked as CVE-2023-50164, the bug allows attackers to manipulate file upload parameters and upload malicious files, resulting in RCE. Despite widespread exploitation attempts, scaling the attack is challenging. Users of affected Struts versions are …

Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products

December 14, 2023 at 07:18AM Several serious vulnerabilities have been found in Dell’s PowerProtect products, impacting various appliances and potentially allowing attackers to execute malicious code, steal information, and gain control of systems. Dell is urging customers to review and implement security measures outlined in the DSA-2023-412 advisory and emphasizes the importance of product security …