Oct 28, 2024Ravie LakshmananCloud Security / Cyber Attack A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by … [Read more...] about Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
Hackers
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network … [Read more...] about Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an … [Read more...] about Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Oct 16, 2024Ravie LakshmananEndpoint Security / Malware Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading … [Read more...] about Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
Sep 26, 2024Ravie LakshmananAutomotive Industry / Technology Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, … [Read more...] about Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
North Korean Hackers Targets Job Seekers with Fake FreeConference App
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native … [Read more...] about North Korean Hackers Targets Job Seekers with Fake FreeConference App
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
Aug 31, 2024Ravie LakshmananRootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of … [Read more...] about North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
Iranian Hackers Set Up New Network to Target U.S. Political Campaigns
Aug 30, 2024Ravie LakshmananCyber Threat / Cyber Espionage Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a hacking group it tracks as GreenCharlie, an Iran-nexus cyber threat … [Read more...] about Iranian Hackers Set Up New Network to Target U.S. Political Campaigns
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
Aug 20, 2024Ravie LakshmananVulnerability / Threat Intelligence A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of … [Read more...] about Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
Aug 03, 2024Ravie LakshmananDDoS Attack / Server Security Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS … [Read more...] about Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool