The Latest News In Cyber Security
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Jan 17, 2025 Firmware Security / Vulnerability Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker[...]
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
Jan 17, 2025 Web Security / Botnet Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an[...]
New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Jan 17, 2025 Cybersecurity / Threat Intelligence Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in[...]
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
Jan 17, 2025 Insider Threat / Cryptocurrency The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime[...]
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data from being potentially[...]
Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
Jan 16, 2025 Spear Phishing / Threat Intelligence The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government or diplomacy (both incumbent and former position holders),[...]
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester). Stolen credentials on criminal forums cost as[...]
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
Jan 16, 2025 Vulnerability / Cybersecurity Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a[...]
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
Jan 16, 2025 Active Directory / Vulnerability Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said[...]
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
Jan 16, 2025 Malware / Ransomware Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf[...]
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Jan 16, 2025 Endpoint Security / Ransomware Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript[...]
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Jan 16, 2025 Vulnerability / Endpoint Security Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern instances of[...]