Cyber News - 19/02/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

Description:

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.

Date: Mon, 19 Feb 2024

Source: https://thehackernews.com/2024/02/russian-linked-hackers-breach-80.html


Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

Description:

The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal.

Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a wide net in their targeting, often singling out think tanks, NGOs, and journalists.

Date: Mon, 19 Feb 2024

Source: https://thehackernews.com/2024/02/iranian-hackers-target-middle-east.html


FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

Description:

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI's most-wanted list in 2012.

Date: Sun, 18 Feb 2024

Source: https://thehackernews.com/2024/02/fbis-most-wanted-zeus-and-icedid.html


Google Open Sources Magika: AI-Powered File Identification Tool

Description:

Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types. "Magika outperforms conventional file identification methods providing an overall 30% accuracy boost and up to 95% higher precision on traditionally hard to identify, but potentially problematic content

Date: Sat, 17 Feb 2024

Source: https://thehackernews.com/2024/02/google-open-sources-magika-ai-powered.html


CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

Description:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it is likely being exploited in Akira ransomware attacks.

Date: Fri, 16 Feb 2024

Source: https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html


RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

Description:

Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines.

Date: Fri, 16 Feb 2024

Source: https://thehackernews.com/2024/02/rustdoor-macos-backdoor-targets.html


Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

Description:

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS).

The SMS phishing messages are designed to propagate malicious links that are designed to capture victims' personally identifiable information (PII) and payment card details, SentinelOne said in a new report, attributing it to a threat actor named ARDUINO_DAS.

Date: Fri, 16 Feb 2024

Source: https://thehackernews.com/2024/02/malicious-sns-sender-script-abuses-aws.html


Russian APT 'Winter Vivern' Targets European Government, Military

Description:

TAG-70's sophisticated espionage campaign hit a range of geopolitical targets, suggesting a highly capable and well-funded state-backed threat actor.

Date: Sat, 17 Feb 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/russian-apt-winter-vivern-targets-european-government-military


Major Tech Firms Develop 'Tech Accord' to Combat AI Deepfakes

Description:

The accord covers initiatives to create more transparency regarding what tech firms like Meta, Microsoft, Google, TikTok, and OpenAI are doing to combat malicious AI, especially around elections.

Date: Fri, 16 Feb 2024

Source: https://www.darkreading.com/cyber-risk/major-tech-firms-develop-tech-accords-to-combat-ai-deepfakes


Enterprises Worry End Users Will Be the Cause of Next Major Breach

Description:

Respondents in Dark Reading's Strategic Security Survey believe that the primary cause of their organization's next major data breach would involve social engineering, negligent users, and insecure remote workers.

Date: Fri, 16 Feb 2024

Source: https://www.darkreading.com/remote-workforce/enterprises-worry-end-users-will-be-the-cause-of-next-major-breach


Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP

Description:

One of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure.

Date: Fri, 16 Feb 2024

Source: https://www.darkreading.com/vulnerabilities-threats/2fa-must-be-mandatory-asap


[webapps] SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

Description: SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

Date: Mon, 19 Feb 2024

Source: https://www.exploit-db.com/exploits/51804


[webapps] Employee Management System v1 - 'email' SQL Injection

Description: Employee Management System v1 - 'email' SQL Injection

Date: Mon, 19 Feb 2024

Source: https://www.exploit-db.com/exploits/51803


[local] Microsoft Windows Defender - VBScript Detection Bypass

Description: Microsoft Windows Defender - VBScript Detection Bypass

Date: Mon, 19 Feb 2024

Source: https://www.exploit-db.com/exploits/51802


[local] Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Description: Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Date: Mon, 19 Feb 2024

Source: https://www.exploit-db.com/exploits/51801


[dos] XAMPP - Buffer Overflow POC

Description: XAMPP - Buffer Overflow POC

Date: Mon, 19 Feb 2024

Source: https://www.exploit-db.com/exploits/51800


[webapps] phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit

Description: phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit

Date: Mon, 19 Feb 2024

Source: https://www.exploit-db.com/exploits/51799


New Google Chrome feature blocks attacks against home networks

Description:

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks.

More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices (like printers or routers) in your home or on your computer. People usually consider these devices safe as they're not directly connected to the internet and are protected by a router.

Date: Sat, 17 Feb 2024

Source: https://www.bleepingcomputer.com/news/google/new-google-chrome-feature-blocks-attacks-against-home-networks/


ALPHV ransomware claims loanDepot, Prudential Financial breaches

Description:

The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot.

The two companies were added to ALPHV's dark web leak site today, though the threat actors have yet to publish proof of their claims. ALPHV plans to sell the stolen data from loanDepot's network and release Prudential's data for free after failed negotiations.

Date: Fri, 16 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/


SolarWinds fixes critical RCE bugs in access rights audit solution

Description:

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.

Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.

Date: Fri, 16 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bugs-in-access-rights-audit-solution/
