ARRL finally confirms ransomware gang stole data in cyberattack

The American Radio Relay League (ARRL) has finally acknowledged that a ransomware attack in May, initially described only as a "serious incident," exposed some of its employees' data. The ARRL, the National Association for Amateur Radio, recently notified those affected of the data breach. It stated that it discovered the "sophisticated ransomware incident" after its computer systems were compromised and encrypted on May 14. After discovering the breach, ARRL engaged outside forensic specialists to help determine the attack's impact and took the affected systems offline to contain the situation. In early June it also disclosed that a malicious international cyber gang had breached its networks through a sophisticated network ...
New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

Since at least February 2024, Spanish-speaking victims have been the focus of an email phishing campaign that distributes a new remote access trojan (RAT) known as Poco RAT. According to cybersecurity firm Cofense, the attacks mostly target the mining, industrial, hotel, and utility sectors. The report says that most of the malware's custom code is focused on anti-analysis, communicating with its command-and-control (C2) server, and downloading and executing files, with only a small amount of attention given to monitoring or credential harvesting. Infection chains start with finance-themed phishing emails that trick recipients into clicking an embedded URL leading to a 7-Zip archive file hosted on Google Drive read more about New Poco RAT Tar...
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

An "advanced and upgraded version" of a known malware called StealthVector is suspected of being used by the China-linked advanced persistent threat (APT) group codenamed APT41 to deploy a previously undocumented backdoor known as MoonWalk. Zscaler ThreatLabz, which identified the loader strain in April 2024, has named the new variant of StealthVector (also known as DUSTPAN) DodgeBox. According to security researchers Yin Hong Chang and Sudeep Singh, DodgeBox is a loader that loads a new backdoor called MoonWalk. MoonWalk uses Google Drive for command-and-control (C2) communication and shares many of the evasion tactics used in DodgeBox. The name "APT41" refers to a well-known Chinese state-sponsored threat actor that has been active since at least 2007 read ...
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

As part of a campaign that started in August 2023, threat actors have been observed adding a new layer of stealth to avoid detection while distributing a fresh wave of malicious packages to the NuGet package manager. Software supply chain security company ReversingLabs stated that the new packages, roughly 60 in total and spanning 290 versions, show a more sophisticated methodology than the earlier batch that surfaced in October 2023. Security researcher Karlo Zanki stated that the attackers changed their approach from using NuGet's MSBuild integrations to one that employs simple, obfuscated downloaders inserted into legitimate PE binary files using Intermediate Language (IL) Weaving, a .NET programming technique for altering an application's code after compila...
Huione Guarantee exposed as a $11 billion marketplace for cybercrime

According to researchers, the ostensibly legitimate online marketplace Huione Guarantee is being exploited as a vehicle for laundering the proceeds of online fraud, including "pig butchering" investment fraud. A victim of a pig butchering scam is duped into gradually sending money through phony websites promising impressive investment returns. The fraud is only discovered when victims attempt to withdraw money, and by then they have typically lost a sizable sum. Huione Guarantee merchants have transacted at least $11 billion, according to a report from the blockchain analytics company Elliptic. Some of these transactions have been connected to different forms of cybercrime, such as setting up websites for investment fraud, the sale of personal data, and money laundering read more about ...
New Ransomware Group Exploiting Veeam Backup Software Vulnerability

The recently discovered ransomware group known as EstateRansomware is exploiting an already-patched security flaw in Veeam Backup & Replication software. According to Singapore-based Group-IB, which identified the group in early April 2024, the threat actor's modus operandi involved exploiting CVE-2023-27532 (CVSS score: 7.5) to carry out its malicious actions. Initial access to the target environment is believed to have been gained through a dormant account on a Fortinet FortiGate firewall SSL VPN appliance. According to a report released today by security researcher Yeo Zi Wei, the threat actor used the SSL VPN service to pivot laterally from the FortiGate firewall and gain access to the failover server read more about New Ransomware Group Exploiting Veeam Backup Soft...
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

GitLab has released another set of fixes to address security flaws in its software development platform. One of the most serious bugs allows an attacker to run pipeline jobs as any user. The vulnerability, tracked as CVE-2024-6385, has a CVSS score of 9.6 out of a possible 10.0. GitLab CE/EE versions 15.8 before 16.11.6, 17.0 before 17.0.4, and 17.1 before 17.1.2 are affected by a bug that, under certain circumstances, enables an attacker to trigger a pipeline as another user, the company said in an advisory on Wednesday. Recall that the company fixed a similar vulnerability late last month (CVE-2024-5655, CVSS score: 9.6) that could be weaponized to run pipelines under the identities of other users read more about GitLab Patches Critical Flaw Allowing ...
PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

A recently disclosed PHP security vulnerability is reportedly being used by a number of threat actors to distribute distributed denial-of-service (DDoS) botnets, cryptocurrency miners, and remote access trojans. The vulnerability in question, CVE-2024-4577 (CVSS score: 9.8), gives an attacker the ability to remotely execute malicious commands on Windows computers configured with Chinese or Japanese language locales. It was publicly disclosed in early June 2024. Akamai researchers Kyle Lefton, Allen West, and Sam Tinklenberg said on Wednesday that CVE-2024-4577 lets an attacker bypass the command line and pass arguments that are parsed directly by PHP. "The method used to translate Unicode characters into ASCII is...
US disrupts AI-powered bot farm pushing Russian propaganda on X

A joint international law enforcement operation led by the U.S. Justice Department took down 1,000 Twitter accounts that were part of a large bot farm spreading Russian disinformation, along with the domains used to register the bots. Behind the disinformation campaign since 2022 were a Russian FSB officer and the deputy editor-in-chief of Russia Today (RT), who organized and oversaw the bots' use of Meliorator, an AI-enabled program, to distribute disinformation to Twitter users worldwide. Using Meliorator, RT affiliates created authentic-looking social media profiles impersonating people from all around the world. This was done to spread disinformation and undermine Russian influence on Twitter. Widespread information dissemin...
Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

Cybersecurity researchers have discovered that attackers may be able to weaponize incorrectly configured Jenkins Script Console instances to carry out illicit activities such as cryptocurrency mining. Misconfigurations such as improperly set up authentication mechanisms can expose the '/script' endpoint to attackers, according to a technical write-up released last week by Shubham Singh and Sunil Bharti of Trend Micro. Malicious actors may take advantage of this to achieve remote code execution (RCE). The Groovy script console included in the popular continuous integration and delivery (CI/CD) platform Jenkins lets users run arbitrary Groovy scripts within the Jenkins controller runtime read more about Hackers Exploiting Jenkins Script Console for Cryptocurr...