Mon.Apr 22, 2024

article thumbnail

Using Legitimate GitHub URLs for Malware

Schneier on Security

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

Malware 317
article thumbnail

Weekly Update 396

Troy Hunt

"More Data Breaches Than You Can Shake a Stick At" That seems like a reasonable summary and I suggest there are two main reasons for this observation. Firstly, there are simply loads of breaches happening and you know this already because, well, you read my stuff! Secondly, There are a couple of Twitter accounts in particular that are taking incidents that appear across a combination of a popular clear web hacking forum and various dark web ransomware websites and "raising them to th

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published

Penetration Testing

Security researcher Naor Hodorov has made public a proof-of-concept (PoC) exploit for a severe vulnerability (CVE-2024-21111) in Oracle VirtualBox. This vulnerability plagues VirtualBox versions before 7.0.16 and allows attackers with basic access to a... The post Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published appeared first on Penetration Testing.

article thumbnail

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

The Hacker News

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.

145
145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

WIRED Threat Level

The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web.

article thumbnail

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

More Trending

article thumbnail

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The Hacker News

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network.

article thumbnail

North Koreans Secretly Animated Amazon and Max Shows, Researchers Say

WIRED Threat Level

Thousands of exposed files on a misconfigured North Korean server hint at one way the reclusive country may evade international sanctions.

142
142
article thumbnail

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities

Security Affairs

Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve rootkit-like capabilities. SafeBreach researcher Or Yair devised a technique, exploiting vulnerabilities in the DOS-to-NT path conversion process, to achieve rootkit-like capabilities on Windows. When a user executes a function with a path argument in Windows, the DOS path of the file or folder is converted to an NT path.

Software 142
article thumbnail

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

The Hacker News

Microsoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant said in its latest report on East Asia hacking groups.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it. World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities.

Risk 142
article thumbnail

ToddyCat is making holes in your infrastructure

SecureList

We continue covering the activities of the APT group ToddyCat. In our previous article , we described tools for collecting and exfiltrating files ( LoFiSe and PcExter ). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it.

VPN 142
article thumbnail

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

The Hacker News

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data.

article thumbnail

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

Penetration Testing

A new critical vulnerability has emerged, targeting users of the popular enterprise file transfer software, CrushFTP. This zero-day flaw, identified as CVE-2024-4040 with a CVSS score of 7.7, poses a severe risk to organizations... The post CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Hacker News

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg.

Malware 141
article thumbnail

A cyber attack paralyzed operations at Synlab Italia

Security Affairs

A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical diagnosis services, since April 18. Since April 18, Synlab Italia, a major provider of medical diagnosis services, has been experiencing disruptions due to a cyber attack. The company initially cited technical issues as the cause leading to “temporary interruption of access to computer and telephone systems and related services.” However, a concerning scenario has emerged a few hours later.

article thumbnail

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

The Hacker News

The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediately family members of those involved in such businesses.

Spyware 135
article thumbnail

Sharp Stealer: New Malware Targets Gamers’ Accounts and Online Identities

Penetration Testing

A new threat has emerged in the cybercrime world, specifically designed to prey on the lucrative gaming community. Security researchers from G DATA have analyzed “Sharp Stealer,” a malware family that steals login credentials,... The post Sharp Stealer: New Malware Targets Gamers’ Accounts and Online Identities appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

The Hacker News

Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur.

article thumbnail

The 10 Women in Cybersecurity You Need to Follow

Security Boulevard

These women are innovating in the cybersecurity field. How many of them do you know? The post The 10 Women in Cybersecurity You Need to Follow appeared first on Security Boulevard.

article thumbnail

ToddyCat: Unveiling the Stealthy APT Group Targeting Asia-Pacific Governments

Penetration Testing

A new report from Kaspersky Labs reveals a sophisticated toolkit used by the advanced persistent threat (APT) group, “ToddyCat,” to steal massive amounts of sensitive data and maintain control over compromised systems. The group... The post ToddyCat: Unveiling the Stealthy APT Group Targeting Asia-Pacific Governments appeared first on Penetration Testing.

article thumbnail

Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

The Hacker News

Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely.

CISO 130
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

GitLab affected by GitHub-style CDN flaw allowing malware hosting

Bleeping Computer

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. [.

Malware 130
article thumbnail

TA547 Phishing Attack: German Companies Hit With Infostealer

Security Boulevard

Researchers at Proofpoint have found out that the TA547 phishing attack campaigns have been targeting different German companies. Identified as TA547, the threat actor has been using an information stealer called Rhadamanthys to get its hand on important financial data of companies. This information is then used by several cybercriminal threat actors.

Phishing 124
article thumbnail

Multiple Vulnerabilities Patched in Apache HugeGraph – Update Immediately

Penetration Testing

Apache HugeGraph, a leading high-performance graph database known for its ability to handle billions of vertices and edges with robust online transaction processing (OLTP) capabilities, has recently addressed several critical security vulnerabilities that posed... The post Multiple Vulnerabilities Patched in Apache HugeGraph – Update Immediately appeared first on Penetration Testing.

article thumbnail

Securing the Automotive Industry: The Role of Digital Certificates in Connected Vehicles

GlobalSign

Connected vehicles are becoming more common but also bring new risks. The auto industry must consider digital certificates to secure connected cars.

Risk 119
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

BreachRx Gets $6.5 Million to Automate Security Incident Response

Security Boulevard

A six-year-old company that is building a platform and portfolio of tools aimed at automating organizations’ responses to data breaches and protecting executives from personal liability is getting $6.5 million in seed money and bringing on as an adviser the former chief security offer for Uber who last year became the face of legal consequences. The post BreachRx Gets $6.5 Million to Automate Security Incident Response appeared first on Security Boulevard.

article thumbnail

GUEST ESSAY: Here’s why securing smart cities’ critical infrastructure has become a top priority

The Last Watchdog

Critical infrastructure like electrical, emergency, water, transportation and security systems are vital for public safety but can be taken out with a single cyberattack. How can cybersecurity professionals protect their cities? In 2021, a lone hacker infiltrated a water treatment plant in Oldsmar, Florida. One of the plant operators noticed abnormal activity but assumed it was one of the technicians remotely troubleshooting an issue.

article thumbnail

NIST Cybersecurity Framework: A Cheat Sheet for Professionals (Free PDF)

Tech Republic Security

The tech world has a problem: Security fragmentation. There’s no standard set of rules or even language for mitigating cyber risk used to address the growing threats of hackers, ransomware and stolen data, and the threat to data only continues to grow. President Barack Obama recognized the cyber threat in 2013, which led to his.

article thumbnail

Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators

NSTIC

We all need supplements sometimes. Whether it’s a little extra vitamin C during flu season or some vitamin D during the dark days of Winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept for the first time to our NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.