Tag: malicious
-
Malicious Microsoft VSCode extensions target devs, crypto community
by
in SecurityNewsMalicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-microsoft-vscode-extensions-target-devs-crypto-community/
-
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/midnight-blizzard-taps-phishing-email-rogue-rdp-nets
-
New Attacks Exploit VSCode Extensions and npm Packages
by
in SecurityNewsMalicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-exploit-vscode/
-
New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials
by
in SecurityNewsThe VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns. Delivered as attachments disguised as archives or Microsoft 365 files, it employs malicious Microsoft Office documents to spread through command-and-control (C2) infrastructure. It targets sensitive data, including login credentials, financial information, system data, and personally identifiable information, posing a significant…
-
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
by
in SecurityNewsThe Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files.The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a “rogue RDP” technique that was previously First seen on…
-
Exploitation of Recent Critical Apache Struts 2 Flaw Begins
by
in SecurityNewsResearchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). The post Exploitation of Recent Critical Apache Struts 2 Flaw Begins appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/
-
Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks
by
in SecurityNewsA new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has brought rogue Remote Desktop Protocol (RDP) attacks to the forefront of cybersecurity concerns. Leveraging a combination of RDP relays, rogue RDP servers, and custom malicious configuration files, this campaign has targeted high-profile organizations, posing a serious threat to global cybersecurity. The…
-
1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely
by
in SecurityNewsGFI Software’s Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affecting versions 9.2.5 through 9.4.5, could potentially allow attackers to inject malicious code into web pages, leading to cross-site scripting (XSS) attacks and other security compromises. The vulnerabilities, tracked as CVE-2024-52875 and KIS-2024-07, highlight the…
-
Cybercriminals Exploit Google Calendar to Spread Malicious Links
by
in SecurityNewsCheck Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-exploit-google/
-
Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys
by
in SecurityNewsSUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified… First seen on hackread.com Jump to article: hackread.com/hackers-fake-pocs-github-wordpress-credentials-aws-keys/
-
Seamless API Threat Detection and Response: Integrating Salt Security and CrowdStrike NG-SIEM
by
in SecurityNews
Tags: api, attack, business, compliance, crowdstrike, data, ddos, defense, detection, governance, incident response, injection, intelligence, malicious, mitigation, monitoring, risk, risk-management, siem, strategy, threat, vulnerabilityAPIs are essential for modern digital business operations, enabling smooth connectivity and data exchange between applications. However, the growing dependence on APIs has unintentionally widened the attack surface, making strong API security a vital concern for organizations. Traditional security measures often prove inadequate in effectively safeguarding this changing landscape. To address this challenge, integrating specialized…
-
Beware of Malicious Ads on Captcha Pages that Deliver Password Stealers
by
in SecurityNewsMalicious actors have taken cybercrime to new heights by exploiting captcha verification pages, a typically harmless security feature, to launch large-scale malware distribution campaigns. This startling revelation uncovers how these fake captchas, interlaced with malicious advertising, are infecting users with password-stealing malware. Over the past several weeks, cybercriminals have been leveraging fake captcha pages to…
-
CISA Warns of Adobe Windows Kernel Driver Vulnerabilities Exploited in Attacks
by
in SecurityNews
Tags: access, adobe, attack, cisa, control, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, risk, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations. Adobe ColdFusion Access Control Weakness (CVE-2024-20767) One of the newly added vulnerabilities, CVE-2024-20767, affects Adobe ColdFusion due to improper access…
-
Detection Engineer’s Guide to Powershell Remoting
by
in SecurityNews
Tags: access, attack, automation, computer, control, credentials, crowdstrike, cyberattack, data, detection, edr, endpoint, exploit, firewall, guide, hacker, malicious, microsoft, mitre, monitoring, network, penetration-testing, powershell, risk, service, siem, threat, tool, update, windowsPowershell Remoting is a powerful feature in Windows that enables IT administrators to remotely execute commands, manage configurations, and automate tasks across multiple systems in a network. Utilizing Windows Remote Management (WinRM), it facilitates efficient management by allowing centralized control over endpoints, making it an essential tool for system administrators to streamline operations and maintain…
-
Malicious ads push Lumma infostealer via fake CAPTCHA pages
by
in SecurityNewsA large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-ads-push-lumma-infostealer-via-fake-captcha-pages/
-
Deloitte Alerts Rhode Island to Significant Data Breach in RIBridges System
by
in SecurityNewsRhode Island’s RIBridges system has suffered a major data breach, potentially exposing personal information, with Deloitte confirming the presence of malicious software First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deloitte-rhode-island-data-breach/
-
Evasive Node.js loader masquerading as game hack
by
in SecurityNewsMalware peddlers are using NodeLoader, a loader written in Node.js, to foil security solutions and deliver infostealers and cryptominers to gamers. The malicious links in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/16/node-js-malware-loader-nodeloader-game-hack/
-
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
by
in SecurityNewsOverview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS…The…
-
Hackers Abuse Google Ads To Attacking Graphic Design Professionals
Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as the actor has launched at least 10 malvertising campaigns hosted on two specific IP addresses: 185.11.61[.]243 and 185.147.124[.]110, where these malicious ads, when clicked, redirect users to websites that initiate malicious downloads. Two IP addresses, 185.11.61.243 and 185.147.124.110, have been…
-
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads
by
in SecurityNewsHackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability Apache Struts2 announced the vulnerability last week, highlighting…
-
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP
by
in SecurityNewsCybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa.QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti…
-
CISA and EPA Warn: Internet-Exposed HMIs Pose Serious Cybersecurity Risks to Water Systems
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) have jointly released a crucial fact sheet highlighting the cybersecurity risks posed by Internet-exposed Human Machine Interfaces (HMIs) in the Water and Wastewater Systems (WWS) sector. The fact sheet, titled Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems, offers practical…
-
New Research Uncovered Dark Internet Service Providers Used For Hacking
by
in SecurityNews
Tags: attack, cyber, cybercrime, cybersecurity, hacking, infrastructure, Internet, law, malicious, malware, network, serviceBulletproof hosting services, a type of dark internet service provider, offer infrastructure to cybercriminals, facilitating malicious activities like malware distribution, hacking attacks, fraudulent websites, and spam. These services evade legal scrutiny, posing a significant challenge to global cybersecurity. Understanding and identifying bulletproof hosting networks is crucial for cybersecurity researchers, law enforcement agencies, and enterprises. By…
-
Yearlong supply-chain attack targeting security pros steals 390K credentials
by
in SecurityNewsMultifaceted, high-precision campaign targets malicious and benevolent hackers alike. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
by
in SecurityNewsA now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog…