Tag: hacked

Hackers actively exploiting Openfire flaw to encrypt servers
News

Openfire messaging servers have a high-severity vulnerability that hackers are actively exploiting to install cryptominers and encrypt servers with ransomware. Openfire, a popular Java-based open-source chat (XMPP) server, has been downloaded 9 million times and is frequently used for private, cross-platform chat communications. The vulnerability, tracked as CVE-2023-32315, affects Openfire's administrative dashboard and results in an authentication bypass, enabling unauthenticated attackers to create new admin accounts on vulnerable servers. The attackers use these accounts to install malicious Java plugins (JAR files), which then carry out instructions received via HTTP GET and POST requests ...
ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
News

Security researchers have identified the infrastructure of a threat actor known as ShadowSyndicate, which is believed to have used seven different ransomware families in attacks over the past year. ShadowSyndicate's use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play ransomware is attributed with varying degrees of confidence by Group-IB analysts working with Bridewell and independent researcher Michael Koczwara. Although the data shows that ShadowSyndicate is connected to a number of ransomware operations, the researchers conclude that the threat actor may be an initial access broker (IAB). The attribution is based on a unique SSH fingerprint found on 85 IP servers, the majority of which were identified as Cobalt Strike command and control machines ...
APT36 state hackers infect Android devices using YouTube app clones
News

The APT36 hacking group, also known as "Transparent Tribe," uses at least three Android apps that mimic YouTube to infect devices with its notorious remote access trojan (RAT), "CapraRAT." Once installed on a victim's device, the malware essentially functions as a spyware tool, collecting data, recording audio and video, and accessing sensitive communications. APT36 is a Pakistan-linked threat actor well known for targeting Pakistani human rights advocates, Indian defense and government organizations, and organizations involved in the affairs of the Kashmir region. SentinelLabs cautions individuals and groups connected to the military or diplomacy in India and Pakistan to be extremely wary of YouTube Android apps ...
Hackers steal $53 million worth of cryptocurrency from CoinEx
News

The major cryptocurrency exchange CoinEx announced that a substantial quantity of digital assets used to fund the platform's operations was stolen from multiple hot wallets. The incident happened on September 12, and preliminary investigation findings indicate that cryptocurrencies from Tron, Polygon, and Ethereum were involved in the illicit transactions. Since the inquiry has not yet determined the full extent of the losses, CoinEx has not disclosed any information regarding the financial impact sustained. According to a report by the blockchain security company PeckShield, CoinEx lost over $19 million in ETH, $11 million in TRON, $6.4 million in Smart Chain Coin ($BSC), $6 million in Bitcoin (BTC), and roughly $295,000 in MATIC as a result of the ...
CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
News

Several nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday. According to a joint alert released by the agency, the Federal Bureau of Investigation (FBI), and the Cyber National Mission Force (CNMF), "Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network." The identity of the threat groups responsible for the attacks has not been made public, but the U.S. Cyber Command (USCYBERCOM) ...
Hackers stole Microsoft signing key from Windows crash dump
News

According to Microsoft, the Chinese hacking group Storm-0558 compromised a Microsoft engineer's corporate account and obtained, from a Windows crash dump, a signing key that was then used to break into government email accounts. Using the stolen MSA key, the attackers compromised the Exchange Online and Azure Active Directory (AD) accounts of around twenty organizations, including U.S. government departments such as the State and Commerce Departments. By taking advantage of a now-patched zero-day validation flaw in the GetAccessTokenForResource API, they were able to forge signed access tokens and impersonate accounts inside the targeted organizations.
Russian Duma leader’s emails hacked and leaked
News

Ukrainian cyber troops compromised the email account of Aleksandr Babakov, deputy head of the Russian State Duma. Extracts from the 11GB mail archive seized from Babakov's digital office files were shared with the volunteer intelligence organization Inform Napalm by the Cyber Resistance hacking team. Cyber Resistance's evidence connects Babakov to a number of anti-European and pro-Russian disinformation campaigns, allegedly rigged elections in Crimea, and even actor and martial artist Steven Seagal, who has drawn criticism for his close ties to Vladimir Putin and support of Russia.
New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC
News

WinRAR has been found to contain a high-severity security flaw that could be exploited by a threat actor to execute remote code on Windows systems. The vulnerability, tracked as CVE-2023-40477 (CVSS score: 7.8), stems from insufficient validation when processing recovery volumes. According to an advisory from the Zero Day Initiative (ZDI), "the problem results from improper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer." The vulnerability "can be used by an attacker to execute code within the context of the current process."
Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability
News

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by attackers weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access," NCC Group said in an advisory released Tuesday. "The adversary can execute arbitrary commands with this webshell, even when a NetScaler is patched and/or rebooted." CVE-2023-3519 is a critical code injection vulnerability affecting NetScaler ADC and Gateway servers that could lead to unauthenticated remote code execution.
Hacker Successfully Drains $23 Million from AlphaPo Hot Wallet
News

Over $23 million was stolen from the Ethereum, Bitcoin, and Tron hot wallets of Alphapo, a cryptocurrency payment processing platform. It is unclear how much Bitcoin was taken in the incident. The attack was disclosed on Twitter by ZachXBT, a well-known cryptocurrency investigator, who also said that the stolen funds were swapped for ETH and bridged to Bitcoin and Avalanche. After the news broke, Alphapo's client HypeDrop disabled withdrawals and said, "Our provider is now working to rectify some recent challenges from their side. They are notably having issues with deposits for ETH and TRX as well as withdrawals of BTC, ETH, and TRX." DeDotFi, a well-known DeFi security platform, claimed that the hack may have been caused by the disclosure of private keys ...