Tag: daily cybersecurity news

State hackers turn to massive ORB proxy networks to evade detection

Security researchers are warning that state-sponsored hackers with ties to China are increasingly relying on vast networks of proxy servers built from hacked online devices and virtual private servers for cyberespionage. These proxy meshes, which are run by independent cybercriminals and grant access to numerous state-sponsored actors (APTs), are known as operational relay box (ORB) networks. Although they resemble botnets, ORBs can be a combination of compromised devices, such as end-of-life routers and other Internet of Things products, and commercially rented VPS services. The growing use of ORBs by adversaries makes detection and attribution harder, since the threat actor can no longer control the attack infrastr...

JAVS courtroom recording software backdoored in supply chain attack

Malware has been used to backdoor the installation of Justice AV Solutions (JAVS), a popular courtroom video recording program, allowing attackers to take control of affected PCs. The digital recording technology, commonly referred to as JAVS, is currently installed in over 10,000 courtrooms, law offices, penal facilities, and other entities globally, according to the company that created it. JAVS has since removed the compromised version from its official website, stating that the malicious fffmpeg.exe component bundled with the trojanized program "did not come from JAVS or any 3rd party related to JAVS." To make sure that, in the unlikely event that they were stolen, the organization reset all passwords and performed a thorough examination of all systems...

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

A security flaw affecting Apache Flink, an open-source, unified stream-processing and batch-processing framework, was added to the Known Exploited Vulnerabilities (KEV) catalog on Thursday by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. Tracked as CVE-2020-17519, the problem is an improper access control issue that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface. This means a remote, unauthenticated attacker can submit a specially crafted directory traversal request to gain unauthorized access to sensitive data...

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

Regardless of the file-encrypting malware used, ransomware attacks against VMware ESXi infrastructure follow a well-established pattern, according to recent research. Cybersecurity firm Sygnia stated in a report shared with The Hacker News that virtualization platforms are an essential part of organizational IT infrastructure, but they frequently contain built-in misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse. Through its incident response work with different ransomware families, including LockBit, HelloKitty, BlackMatter, RedAlert (N13V), Scattered Spider, Akira, Cactus, BlackCat, and Cheerscrypt, the Israeli company found that attacks on virtualization environments follow a similar sequence of events...

LastPass is now encrypting URLs in password vaults for better security

LastPass announced that it will begin encrypting the URLs stored in user vaults to improve privacy and protect against data breaches and unauthorized access. The maker of the well-known password manager emphasizes that the new security feature not only protects data from external threats but is also a key step toward reaffirming its commitment to a zero-knowledge architecture for the product. When a user visits a website, LastPass compares the URL against the items in the user's password vault to see whether any credentials are saved and, if so, offers to fill them in automatically. According to LastPass, back in 2008 its engineers chose to leave those URLs unencrypted to reduce the burden on CPUs and minimize the software's energy consumption footprint...

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Automation is urging its customers to disconnect any industrial control systems (ICSs) that are not intended to be reachable from the public internet, to reduce the risk of malicious or unauthorized cyber activity. The company said it is issuing the advisory because of heightened geopolitical tensions and hostile cyber activity worldwide. Customers are therefore asked to act immediately to determine whether they own any internet-connected devices and, if so, to disable connectivity for any that should not be left exposed. Rockwell Automation also stated that users should never configure their assets to be directly connected to the public internet...

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

Cybersecurity researchers have disclosed details about Unfading Sea Haze, a previously unreported threat group believed to have been active since 2018. Bitdefender said in a report shared with The Hacker News that the intrusions targeted high-level organizations in South China Sea countries, including military and government targets. Martin Zugec, technical solutions director at Bitdefender, said the investigation revealed a troubling pattern that went beyond the historical context and that it had so far identified eight victims. Notably, the attackers repeatedly regained access to compromised systems. This exploitation highlights a serious weakness in the form of poor credential hygiene and inadequate patching practices on expos...

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

Microsoft said on Wednesday that it will phase out Visual Basic Script (VBScript) in favor of more modern options such as JavaScript and PowerShell, starting in the second half of 2024. According to Microsoft Program Manager Naveen Shankar, technological advances over the years have given rise to more powerful and versatile scripting languages such as JavaScript and PowerShell, whose broader feature set makes them better suited to modern web development and automation tasks. The tech giant first announced in October 2023 that VBScript would be retired. Originally released by Microsoft in 1996 as a Windows system component...

GhostEngine mining attacks kill EDR security using vulnerable drivers

A malicious cryptomining campaign tracked as "REF4578" has been found deploying a payload called GhostEngine, which abuses vulnerable drivers to disable security products and launch an XMRig miner. In separate publications, researchers from Elastic Security Labs and Antiy highlighted the unusually sophisticated nature of these attacks and shared detection rules to help defenders identify and stop them. The origin and scope of the campaign remain unknown, however, as neither report links the activity to known threat actors or provides details about targets or victims. The threat actor's attack begins with the execution of a program called "Tiworker.exe," which poses as a genuine Wind...

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

A new attack campaign dubbed CLOUD#REVERSER has been observed staging malware payloads on legitimate cloud storage services such as Dropbox and Google Drive. Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News that the VBScript and PowerShell scripts used in CLOUD#REVERSER inherently involve command-and-control-like activity, using Google Drive and Dropbox as staging platforms to manage file uploads and downloads. Because the scripts are designed to retrieve files that match particular patterns, they are likely awaiting instructions or scripts placed in Dropbox or Google Drive. A phishing email carrying a ZIP archive containing an executable that poses as a Microsoft Excel file is the ...