techminis

A naukri.com initiative

Hacking News

Securityaffairs
4w

Russian group RomCom exploited Firefox and Tor Browser zero-days in attacks targeting Europe and North America

  • The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities in attacks on users in Europe and North America.
  • The first zero-day, tracked as CVE-2024-9680, is a use-after-free issue in Firefox Animation Timelines.
  • The second zero-day, CVE-2024-49039, is a Windows Task Scheduler privilege escalation flaw.
  • RomCom used the vulnerabilities to deploy a backdoor on victims' systems through a fake website.

Hackers-Arise
4w

Exploit Development: Building Your Own Fuzzer with BASH

  • Web application fuzzing stands as a critical technique for uncovering vulnerabilities and developing exploits.
  • This practical guide equips aspiring cyber warriors with the knowledge to wield BASH scripting as a powerful weapon in creating custom fuzzing tools.
  • Fuzzing is a dynamic analysis technique used in software testing and security assessments.
  • Fuzzing explores the vast input space of a program, generating inputs with a high likelihood of triggering bugs or vulnerabilities.
  • Fuzzing can be categorized into several types based on the knowledge and approach used: black-box, white-box, grey-box, generation-based, mutation-based, and evolutionary.
  • BASH scripting for web fuzzing offers simplicity and seamless system integration.
  • Limitations of using BASH for web fuzzing are that it can be slow on large-scale projects and implementing advanced fuzzing techniques can be challenging.
  • The tutorial covers creating payloads and request handling, including writing a function for sending requests and response analysis.
  • By fuzzing the application, we can identify the application's breaking point, which can often be a place to exploit.
  • Overall, web application fuzzing using Bash is a perfect starting point for aspiring cyber warriors.

TechCrunch
4w

Russia-linked hackers exploited Firefox and Windows zero-day bugs in ‘widespread’ hacking campaign

  • Russian-linked hacking group RomCom has exploited zero-day vulnerabilities in Firefox and Windows.
  • RomCom used the zero-day bugs to create a 'zero click' exploit, enabling remote malware installation without user interaction.
  • The hacking campaign targeted users in Europe and North America, with potential victims numbering between single digits to 250.
  • Mozilla and Microsoft have since patched the vulnerabilities in Firefox and Windows respectively.

Hackingblogs
4w

North Korea’s Secret Cyber Scheme Uncovered: DPRK IT Workers Using Fake US Companies to Steal Money, Linked to China

  • North Korean hackers, posing as employees of fake US-based tech firms, are stealing money and data.
  • These so-called “DPRK IT Workers” use these fake companies to trick people and businesses into handing over valuable resources.
  • This scheme is part of a larger network that has connections to China and highlights a growing threat in the digital world that could affect anyone, from small businesses to large corporations.
  • North Korean IT personnel frequently acquire specialised knowledge and abilities as a result of international sanctions and restricted access to worldwide IT resources.
  • North Korea maintains a global network of highly qualified IT professionals through fake firms and false identities to avoid restrictions and finance the dictatorship.
  • This presents significant concerns for firms, including legal troubles, harm to their reputation, and security dangers like malware or data theft.
  • Employers must carefully screen remote workers to prevent becoming victims of these scams.
  • The websites of four firms, Independent Lab LLC, Shenyang Tonywang Technology, Tony WKJ LLC IT Services, and HopanaTech, were seized by the US Government on October 10th when it was discovered that they were fronts for North Korean cyber activities.
  • North Korea's IT Worker scam uses the internet economy to finance government initiatives, such as the creation of weapons.
  • North Korea's actions demonstrate a clever plan that’s dangerous for businesses and individuals alike.

Schneier
4w

What Graykey Can and Can’t Unlock

  • The Graykey, a phone unlocking and forensics tool, can only retrieve partial data from iPhones running iOS 18 or iOS 18.0.1.
  • The tool's capabilities with iOS 18.1, released on October 28, are not mentioned in the obtained documents.
  • Graykey's performance with Android phones varies due to device and manufacturer diversity.
  • On Google's Pixel 9, Graykey can only partially access data in an 'After First Unlock' state.

Siliconangle
4w

Aqua Security uncovers massive denial-of-service campaign targeting 35M devices

  • Aqua Security's Nautilus research team has uncovered a massive distributed denial-of-service (DDoS) campaign by a threat actor called Matrix.
  • Matrix targets vulnerable internet of things (IoT) and enterprise systems, with over 35 million devices targeted globally.
  • The campaign uses botnets ranging in size between 350,000 and 1.7 million compromised systems, leveraging Mirai botnet and other tools.
  • Matrix monetizes the DDoS campaign through a Telegram-based store, offering attack plans to customers with payments processed in cryptocurrency.

Siliconangle
4w

Netcraft highlights growing role of AI models in Black Friday fake store scams

  • A new report from Netcraft Ltd. highlights the growing role of artificial intelligence large language models in creating fake online stores and content for Black Friday.
  • Netcraft's researchers found a 110% increase in fake stores between August and October this year, with many using the Chinese e-commerce platform SHOPYY.
  • Large language models are being used to generate convincing content for fake online stores, including product descriptions scraped from legitimate platforms like Amazon.
  • These models are also helping cybercriminals rewrite titles and descriptions to avoid detection, scale their operations, and launch large-scale campaigns with minimal human oversight.

Securityaffairs
4w

The source code of Banshee Stealer leaked online

  • The source code of Banshee Stealer, a MacOS Malware-as-a-Service, leaked online.
  • Russian hackers promoted BANSHEE Stealer, a macOS malware capable of stealing browser data and crypto wallets.
  • BANSHEE Stealer supports evasion techniques, checks for debugging and virtualization, and targets multiple browsers.
  • After the source code leak, the operators shut down their operations.

Securelist
4w

Analysis of Elpaco: a Mimic variant

  • Elpaco is a variant of the Mimic ransomware that was discovered by Kaspersky in a recent incident response case.
  • The malware used a 7-Zip installer mechanism for ransomware attacks and abused the Everything library for easy-to-use GUI customization.
  • The artifact also has features for disabling security mechanisms and running system commands.
  • DC.exe is invoked at runtime by svhostss.exe with the /D switch, which is used to disable security mechanisms.
  • The ransomware operator can select entire drives for encryption, perform a process injection to hide malicious processes, customize the ransom note, change the encryption extension, set the order of encryption based on the original file format, and exclude specific directories, files or formats from encryption.
  • Elpaco encrypts the victim’s files with the stream cipher ChaCha20, and the key for this cipher is encrypted by the asymmetric encryption algorithm RSA-4096.
  • Mimic variants, including Elpaco, have been used by threat actors on a massive scale targeting multiple countries worldwide.
  • Elpaco deletes itself from infected machines after encrypting the files to evade detection and analysis.
  • Kaspersky products detect the threat described in this article with the following verdicts: HEUR:Trojan-Ransom.Win32.Generic (dropper) and HEUR:Trojan-Ransom.Win32.Mimic.gen (svhostss.exe).
  • The TTPs identified from the malware analysis include Network Share Discovery, Command and Scripting Interpreter, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, and others.

Securityaffairs
4w

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog.
  • Array Networks' AG Series and vxAG (versions 9.4.0.481 and earlier) are impacted by a remote code execution vulnerability.
  • Attackers can exploit the SSL VPN gateway without authentication by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL.
  • CISA has ordered federal agencies to fix this vulnerability by December 16, 2024.

Securityaffairs
4w

Thai police arrested Chinese hackers involved in SMS blaster attacks

  • Fraud gangs in Bangkok were arrested for conducting SMS blaster attacks.
  • The attackers used fake cell towers to send malicious SMS messages to nearby phones.
  • Thai authorities discovered call center gangs using fake '02' numbers for scams and fraudulent investments.

Siliconangle
4w

Ransomware attack on Panasonic’s Blue Yonder disrupts supply chains in UK and US

  • A ransomware attack on Panasonic Corp.-owned supply chain management company Blue Yonder Group Inc. caused disruptions and delays in the U.K. and U.S.
  • The attack was detected on Nov. 21, and Blue Yonder has provided updates on its website, but without much detail.
  • Blue Yonder is working with external cybersecurity firms to restore systems safely, with no timeline for restoration at this point.
  • The outage has impacted grocery chains in the U.K. and affected companies in the U.S., including Starbucks, Procter & Gamble, and Albertsons.

Securityaffairs
4w

Zyxel firewalls targeted in recent ransomware attacks

  • Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls.
  • Remote, unauthenticated attackers could exploit the flaw to execute OS commands on vulnerable devices.
  • Zyxel addressed the vulnerability with the release of firmware version 5.39 for certain firewall models.
  • Users are advised to update admin and user account passwords for enhanced protection.

Pymnts
4w

Geico and Travelers fined $11.3 million for NY data breaches

  • Geico and Travelers fined $11.3 million for poor data security in New York.
  • Over 120,000 New Yorkers' information compromised in data breaches.
  • Geico to pay $9.75 million and Travelers to pay $1.55 million in penalties.
  • Breaches were part of an industry-wide hacking campaign.

Securityaffairs
4w

Malware campaign abused flawed Avast Anti-Rootkit driver

  • Threat actors exploited an outdated Avast Anti-Rootkit driver to evade detection, disable security tools, and compromise target systems.
  • Trellix researchers discovered a malware campaign that abuses a vulnerable Avast Anti-Rootkit driver to gain deeper access to the target system.
  • The malware corrupts trusted kernel-mode drivers, terminates protective processes, and compromises infected systems.
  • Organizations are advised to implement protections against attacks using vulnerable drivers.
