ScreenConnect servers hacked in LockBit ransomware attacks
News

Attackers are infecting unpatched ScreenConnect servers with LockBit ransomware payloads by taking advantage of a maximum severity authentication bypass vulnerability. Since Tuesday, when many cybersecurity organizations published proof-of-concept exploits and ConnectWise delivered security fixes, the maximum severity CVE-2024-1709 auth bypass flaw has been actively exploited. Additionally, ConnectWise addressed the high-severity path traversal vulnerability (CVE-2024-1708), which is only exploitable by highly privileged threat actors. Due to the two security flaws, which affect all ScreenConnect versions, the business decided to eliminate all license limitations on Wednesday. This will let customers whose licenses have expired update to the most recent version of the software and p...
Russian Government Software Backdoored to Deploy Konni RAT Malware
News

An installer for a utility that is probably used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to distribute the remote access trojan Konni RAT (also known as UpDog). The investigation was conducted by German cybersecurity firm DCSO, which concluded that actors with ties to the Democratic People's Republic of Korea (DPRK) were behind the action, which was directed towards Russia. The Konni activity cluster, also known as Opal Sleet, Osmium, or TA406, has a documented history of using Konni RAT against Russian organizations. Since at least October 2021, the threat actor has also been connected to attacks on MID. In November 2023, Fortinet FortiGuard Labs made public the use of Microsoft Word documents written in Russian as...
U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders
News

The U.S. State Department has announced cash rewards of up to $15 million for details that may help identify key figures within the LockBit ransomware group and lead to the apprehension of any involved individuals. The State Department highlighted that since January 2020, LockBit perpetrators have carried out over 2,000 attacks on targets within the United States and globally. These attacks have resulted in significant disruptions to operations and the loss or theft of sensitive data. Furthermore, LockBit ransomware incidents have led to ransom payments totaling more than $144 million for recovery purposes. This development coincides with a broad law enforcement investigation spearheaded by the National Crime Agency (NCA) of the United Kingdom (UK) that has crippled LockBit ...
FTC Slams Avast with $16.5 Million Fine for Selling Users Browsing Data
News

The Federal Trade Commission (FTC) of the United States has fined antivirus company Avast $16.5 million for allegedly selling customers' browser information to marketers while falsely advertising that its products would prevent internet monitoring. Furthermore, the business is not permitted to sell or license any web browsing data for commercial use. Additionally, it must inform users whose browsing information was sold to unaffiliated third parties. Avast "unfairly collected consumers' browsing information through the company's browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and consumer consent," according to the FTC's lawsuit against the company ...
Microsoft expands free logging capabilities after May breach
News

Six months after revealing that Chinese hackers had secretly taken emails belonging to the United States government during an Exchange Online breach that occurred between May and June 2023, Microsoft has expanded the free logging capabilities for all Purview Audit standard customers, including federal agencies in the United States. Since disclosing the incident, the company has collaborated with CISA, the Office of Management and Budget (OMB), and the Office of the National Cyber Director (ONCD) to guarantee that government agencies are now in possession of all the logging data required to identify such attacks in the future. According to a press release issued today, "extended logging will be available to all agencies using Microsoft Purview Audit starting this month ...
Hackers abuse Google Cloud Run in massive banking trojan campaign
News

Security researchers are warning of hackers misusing Google Cloud Run to spread large amounts of banking trojans, such as Astaroth, Mekotio, and Ousaban. With Google Cloud Run, customers can manage workloads and launch front-end and back-end services, websites, and apps without having to worry about scaling or maintaining an infrastructure. When Brazilian attackers began launching campaigns employing MSI installer files to distribute malware payloads in September 2023, Cisco Talos analysts noticed a sharp increase in the exploitation of Google's service for malware distribution. According to the researchers' assessment, Google Cloud Run's affordability and capacity to get around conventional security restrictions ...
New ‘VietCredCare’ Stealer Targeting Facebook Advertisers in Vietnam
News

Since at least August 2022, Facebook marketers in Vietnam have been the focus of VietCredCare, a previously undisclosed information stealer. The malware is "notable for its ability to automatically filter out Facebook session cookies and credentials stolen from compromised devices, and assess whether these accounts manage business profiles and if they maintain a positive Meta ad credit balance," according to a new report released by Group-IB, a Singaporean company, and shared with The Hacker News. The ultimate objective of the extensive malware distribution scheme is to enable corporate Facebook account takeovers by focusing on Vietnamese administrators ...
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
News

Using a DOPLUGS backdoor, the China-affiliated threat actor Mustang Panda has targeted multiple Asian nations with PlugX (also known as Korplug). In a recent technical write-up, Trend Micro researchers Sunny Lu and Pierre Lee stated that "the piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter." Taiwan and Vietnam have been the main targets of DOPLUGS, with smaller percentages being found in Hong Kong, India, Japan, Malaysia, Mongolia, and even China. Mustang Panda, also known as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and TEMP.Hex, is a tool that is essential to the a...
Understanding HITRUST Compliance: A Comprehensive Guide
Compliance

Data breaches and cyber attacks present serious hazards to firms in a variety of industries in the current digital ecosystem. As a result, protecting the confidentiality and integrity of sensitive data has taken precedence. HITRUST compliance is one way corporations can show that they are dedicated to protecting data. This blog article covers what HITRUST compliance is, its certification process and benefits, and how businesses may attain and preserve it.

What is HITRUST?

HITRUST, a non-profit organization, offers data protection standards and certification initiatives aimed at assisting organizations in securing sensitive data, managing information risks, and achieving compliance objectives. What sets HITRUST apart from other compliance frameworks is its integration of...
Knight ransomware source code for sale after leak site shuts down
News

A representative of the operation is selling the purported source code for the third version of the Knight ransomware to a single buyer on a hacker forum. The Knight ransomware, which targets Linux/ESXi, Windows, and macOS systems, was first released at the end of July 2023 under the Cyclops operation. Because it offered info-stealers and a "lite" version of its encryptor to lower-tier affiliates that targeted smaller businesses, it gained some traction. Two days ago, an advertisement was posted on RAMP forums by an individual going by the moniker Cyclops, who is recognized as a member of the Knight ransomware group ...