Tag: Cybersecurity

GhostEngine mining attacks kill EDR security using vulnerable drivers
News

GhostEngine mining attacks kill EDR security using vulnerable drivers

A malicious crypto-mining campaign tracked as "REF4578" has been found deploying a payload called GhostEngine, which abuses vulnerable drivers to disable security products and then launches an XMRig miner. Researchers from Elastic Security Labs and Antiy, in separate publications, have highlighted the unusual sophistication of these attacks and shared detection rules to help defenders identify and stop them. The origin and extent of the campaign remain unknown, though, as neither report links the activity to a known threat actor or provides details about targets or victims. The attack begins with the execution of a program called "Tiworker.exe," which poses as a genuine Wind...
Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
News

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

A new attack campaign tracked as CLOUD#REVERSER has been observed staging malware payloads on reputable cloud storage services such as Dropbox and Google Drive. Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov stated in a report shared with The Hacker News that the VBScript and PowerShell scripts in CLOUD#REVERSER inherently involve command-and-control-like activity, using Google Drive and Dropbox as staging platforms to manage file uploads and downloads. Because the scripts are built to retrieve files that match particular patterns, they are likely waiting for commands or scripts that have been placed in Dropbox or Google Drive. A phishing email containing a ZIP archive file, which contains an executable that poses as a Microsoft Excel file, is the ...
Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings
News

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Zoom, a well-known provider of business communications services, announced that post-quantum end-to-end encryption (E2EE) is now available for Zoom Meetings, with support for Zoom Phone and Zoom Rooms to follow shortly. The company said in a statement that the need to protect user data grows along with the sophistication of adversarial attacks, and that it is stepping up security with the release of post-quantum E2EE, giving users access to cutting-edge tools to better safeguard their data. Zoom's post-quantum E2EE uses Kyber-768, which targets a security level roughly comparable to AES-192. In July 2022, Kyber was selected as the quantum-resistant cryptographic algorithm for general encryption by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerc...
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
Security

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

An unidentified threat actor is exploiting a known security vulnerability in Microsoft Exchange Server to deploy keylogger malware against organizations in the Middle East and Africa. Positive Technologies, a Russian cybersecurity company, reported that it has identified more than 30 victims, including banks, government organizations, IT firms, and educational institutions, with the earliest compromise dating back to 2021. The company stated in a report released last week that "this keylogger was collecting account credentials into a file accessible via a special path from the internet." Russia, the United Arab Emirates, Kuwait, Oman, Niger, Nigeria, Ethiopia, Mauritius, Jordan, and Lebanon are among the countries the intrusion set targets.
Understanding OWASP A09 2021 Security Logging and Monitoring Failures
Security

Understanding OWASP A09 2021 Security Logging and Monitoring Failures

'Understanding OWASP A09 2021 Security Logging and Monitoring Failures' serves as a beacon, shedding light on a pivotal aspect of digital security. At a time when cyber threats are prevalent and businesses struggle to protect their most valuable assets, strong security logging and monitoring practices are crucial. OWASP A09 acts as a sentinel, drawing attention to the weaknesses created by insufficient logging and monitoring and emphasizing the need for preventive mitigation techniques. As we explore OWASP A09 2021, we delve into the nuances of security logging and monitoring failures, analyzing their ramifications and mapping out a path towards improved resilience in the face of dynamic cyber attacks. Understanding OWASP A09: Security Logging and Monitoring Failures. The failure to ap...
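The teaser above describes A09 in the abstract. The block below is an added example (not OWASP's code or any code from the page) of what the failure and its fix look like in practice: a login routine that records nothing, beside one that emits a structured security event, and a small monitor that consumes those events and flags a source address that piles up failures. Usernames, IP addresses, timestamps and the 5-failures-in-60-seconds threshold are constructed for illustration.

```python
"""Security logging and monitoring: the failure mode beside a working fix.

Added illustration for OWASP A09; not OWASP's own code. All sample users,
IPs and timestamps below are constructed.
"""
import json
import logging
import time
from collections import defaultdict, deque

logger = logging.getLogger("security")


# --- 1. The A09 failure: an authentication decision that leaves no trace ---
def login_unlogged(users, username, password):
    """Returns True/False but records nothing, so a brute-force run is invisible."""
    return users.get(username) == password


# --- 2. Hardened: every decision becomes a structured, parseable event ------
def build_auth_event(username, ok, src_ip, ts):
    """One log record per login attempt. No password or token is included."""
    return {
        "ts": ts,
        "event": "auth.login",
        "user": username,          # assumption: usernames are not secret here
        "src_ip": src_ip,
        "outcome": "success" if ok else "failure",
    }


def login_logged(users, username, password, src_ip):
    ok = users.get(username) == password
    logger.info(json.dumps(build_auth_event(username, ok, src_ip, time.time())))
    return ok


# --- 3. Monitoring: sliding-window failure counter per source IP ------------
def detect_bruteforce(log_lines, threshold=5, window_s=60):
    """Return the set of src_ip values with >= threshold failures inside window_s.

    Malformed lines are skipped rather than allowed to crash the monitor, and
    only 'auth.login' failures count; successes and other events are ignored.
    """
    recent = defaultdict(deque)
    flagged = set()
    for line in log_lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue
        if ev.get("event") != "auth.login" or ev.get("outcome") != "failure":
            continue
        ip, ts = ev.get("src_ip"), float(ev["ts"])
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > window_s:   # drop events outside window
            window.popleft()
        if len(window) >= threshold:
            flagged.add(ip)
    return flagged


# --- Constructed sample log: six rapid failures from one IP, two slow ones
# from another, one success, and one line of garbage --------------------------
def sample_log():
    base = 1_700_000_000.0
    lines = [json.dumps(build_auth_event("admin", False, "203.0.113.5", base + 5 * i))
             for i in range(6)]
    lines.append(json.dumps(build_auth_event("bob", False, "198.51.100.7", base + 100)))
    lines.append(json.dumps(build_auth_event("bob", False, "198.51.100.7", base + 110)))
    lines.append(json.dumps(build_auth_event("bob", True, "198.51.100.7", base + 120)))
    lines.append("not json at all")
    return lines


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    login_logged({"alice": "s3cret"}, "alice", "wrong", "203.0.113.5")
    print("flagged:", detect_bruteforce(sample_log()))
```

The point of the split between `build_auth_event` and `login_logged` is that the record is a fixed schema a monitor can parse, which is what makes the third function possible; free-text log lines, or none at all, are the failure A09 describes.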
OmniVision discloses data breach after 2023 ransomware attack
News

OmniVision discloses data breach after 2023 ransomware attack

OmniVision, a California-based maker of image sensors, is alerting customers to a potential data compromise following a Cactus ransomware attack on the company last year. OmniVision, a subsidiary of the Chinese company Will Semiconductor, designs and develops imaging sensors for smartphones, laptops, webcams, cars, medical imaging systems, and other devices. As of 2023 the company had 2,200 employees and $1.4 billion in sales. On Friday, OmniVision notified California authorities of a security breach involving ransomware encryption that occurred between September 4 and September 30, 2023. OVT was informed of a security incident ...
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
News

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

An Iranian threat actor connected to the Ministry of Intelligence and Security (MOIS) has been implicated in destructive wiper attacks against Albania and Israel under the aliases Homeland Justice and Karma, respectively. The activity is tracked by cybersecurity company Check Point under the name Void Manticore, which Microsoft tracks as Storm-0842 (formerly DEV-0842). In a report released today, the company stated that there are clear overlaps between the targets of Void Manticore and Scarred Manticore, as well as signs of a systematic target handoff between the two groups when a decision is made to carry out destructive activity against Scarred Manticore's existing victims. Under the alias Homeland Justice, the threat actor has been well-known for its disruptive ...
“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit
News

“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit

Cybersecurity researchers have uncovered a serious security vulnerability in Fluent Bit, a widely used logging and metrics utility, that could be exploited to cause denial-of-service (DoS), expose confidential information, or execute code remotely. Tenable Research has given the vulnerability, tracked as CVE-2024-4323, the codename Linguistic Lumberjack. It affects versions 2.0.7 through 3.0.3 and is fixed in version 3.0.4. The problem is a memory corruption bug in Fluent Bit's built-in HTTP server that could enable remote code execution, DoS, or information leaks; specifically, it is triggered by sending maliciously crafted requests to the monitoring API through endpoints such as /api/v1/traces and /api/v1/trace.
NextGen Healthcare Mirth Connect Under Attack CISA Issues Urgent Warning
News

NextGen Healthcare Mirth Connect Under Attack CISA Issues Urgent Warning

Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw affecting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2023-43208 (CVSS score: N/A), is an unauthenticated remote code execution bug that stems from an incomplete fix for another critical vulnerability, CVE-2023-37679 (CVSS score: 9.8). The flaw was first disclosed by Horizon3.ai in late October 2023, and the company published a proof-of-concept (PoC) exploit along with further technical details this January. Mirth Connect, an open-source data integration platform, is widely used by healthcare organizations to enable standardized data inter...
American Radio Relay League cyberattack takes Logbook of the World offline
News

American Radio Relay League cyberattack takes Logbook of the World offline

The American Radio Relay League (ARRL) is warning of a cyberattack that disrupted its IT systems and online operations, including email and the Logbook of the World. ARRL is the national association for amateur radio in the United States; it offers technical assistance, advocates for amateur radio interests before government regulatory agencies, and organizes events and educational initiatives for enthusiasts around the nation. ARRL said on Thursday that it had experienced a cyberattack that interfered with its network and systems, including a number of its hosted internet services, and that its team is now handling a significant incident affecting access to the network and systems located at its headquarters. ARRL sta...