menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Securelist

1M

read

91

img
dot

Image Credit: Securelist

Angry Likho: Old beasts in a new forest

  • Angry Likho, an APT group, resembling Awaken Likho, focuses on targeted attacks on employees of large organizations, mainly in Russia and Belarus.
  • Their attacks involve spear-phishing emails with malicious attachments, including a self-extracting archive named FrameworkSurvivor.exe.
  • The implant in the archive hides the Lumma Trojan stealer, aimed at stealing sensitive data such as banking details, usernames, passwords, and more.
  • The group uses obfuscation techniques in their scripts to hide their activities, making analysis complex.
  • Angry Likho's recent surge in activity in January 2025 indicates ongoing threats, with hundreds of victims in Russia and Belarus.
  • The attackers target specific users with tailored spear-phishing emails and use malicious utilities from darknet forums for their operations.
  • To defend against such attacks, organizations need robust security solutions, employee training, and awareness programs.
  • The group's attack techniques remain consistent with periodic pauses, suggesting strategic planning in their operations.
  • The report provides indicators of compromise, including file hashes, implants, bait files, and malicious domains associated with Angry Likho's activities.
  • Monitoring and updating cyber intelligence data on such APT groups are essential to combat evolving cybersecurity threats effectively.

Read Full Article

like

5 Likes

share

1 Share

source image

Securityaffairs

1M

read

86

img
dot

Image Credit: Securityaffairs

Atlassian fixed critical flaws in Confluence and Crowd

  • Atlassian has patched 12 critical and high-severity vulnerabilities in its software products.
  • The most severe vulnerabilities include remote code execution flaws and broken authentication and session management issues.
  • The vulnerabilities affect Bamboo, Bitbucket, Confluence, Crowd, and Jira.
  • Atlassian did not disclose whether the flaws have been exploited.

Read Full Article

like

5 Likes

share

1 Share

source image

Siliconangle

1M

read

268

img
dot

Image Credit: Siliconangle

CISA and FBI warns Ghost ransomware is targeting critical infrastructure and businesses

  • The US Cybersecurity and Infrastructure Agency (CISA) and the FBI have issued a joint advisory warning about the activities of Ghost ransomware, also known as Cling.
  • Ghost ransomware, allegedly operated by a group in China, targets critical infrastructure, schools, healthcare, government networks, and businesses in over 70 countries for financial gain.
  • The ransomware exploits unpatched vulnerabilities in popular software to gain unauthorized access to systems, deploys web shells, and uses command-line tools to establish persistence within the network.
  • To defend against Ghost ransomware, proactive measures such as applying security patches, implementing network segmentation, and restricting access to critical systems are recommended.

Read Full Article

like

16 Likes

share

3 Shares

source image

Securityaffairs

1M

read

328

img
dot

Image Credit: Securityaffairs

Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers

  • China-linked APT group Salt Typhoon utilizes custom malware JumbledPath to spy on U.S. telecom providers, as reported by Cisco Talos researchers.
  • The APT group has been active since at least 2019, targeting government entities and telecom companies globally.
  • Salt Typhoon exploited Cisco vulnerabilities, breached U.S. telecom networks, and utilized GRE tunnels for data exfiltration.
  • Stolen credentials, network config captures, and intercepted traffic were used by Salt Typhoon for further access inside networks.
  • The group manipulated network settings, used JumbledPath tool for packet capture, and attempted evasion techniques.
  • In December 2024, Salt Typhoon targeted a Myanmar-based telecom provider, with IOCs and mitigation recommendations provided in the report.
  • The group also compromised Charter Communications and Windstream, exploiting vulnerabilities in major network device vendors.
  • Salt Typhoon breached a ninth U.S. telecom as part of a global cyberespionage campaign aimed at telco firms, confirmed by a White House official.
  • President Biden's national security adviser disclosed breaches in telecommunications companies globally by the China-linked APT group.
  • Lumen, AT&T, and Verizon reported securing networks post-cyberespionage attempts by Salt Typhoon, active for 1-2 years targeting telcos worldwide.

Read Full Article

like

19 Likes

share

4 Shares

source image

Medium

1M

read

433

img
dot

Image Credit: Medium

Thread Call Stack Cleaning

  • Stack cleaning is a technique used to remove traces of injected or suspicious execution paths from a thread's call stack.
  • By manipulating the return addresses in the call stack, stack cleaning can help malware evade detection by security tools.
  • The process involves suspending the thread, retrieving the execution context, reading memory from the stack, zeroing out the stack values, and restoring the original context.
  • Stack cleaning combined with other evasion techniques can improve stealth and persistence of malware, but advanced security solutions can still detect suspicious activity.

Read Full Article

like

26 Likes

share

6 Shares

source image

Securityaffairs

1M

read

396

img
dot

Image Credit: Securityaffairs

NailaoLocker ransomware targets EU healthcare-related entities

  • NailaoLocker ransomware targeted European healthcare organizations between June and October 2024.
  • The malware campaign, called The Green Nailao, involved the use of ShadowPad, PlugX, and the newly discovered NailaoLocker ransomware.
  • The attack exploited a zero-day vulnerability in Check Point VPN appliances, allowing the threat actors to access sensitive information and move laterally through the network.
  • Although the campaign shares similarities with China-linked APT groups, attribution remains uncertain.

Read Full Article

like

23 Likes

share

5 Shares

source image

Coinpedia

1M

read

437

img
dot

Image Credit: Coinpedia

Just In: SEC Launches New Unit to Tackle Fraud in AI, Blockchain, and Crypto

  • The US Securities and Exchange Commission (SEC) has launched the Cyber and Emerging Technologies Unit (CETU) to tackle fraud in AI, blockchain, and crypto.
  • The CETU will focus on fraud involving emerging technologies, such as AI, blockchain, and crypto, and aims to protect investors and promote innovation.
  • Led by Laura D’Allaird, the unit comprises approximately 30 fraud specialists and attorneys across multiple SEC offices.
  • The SEC's focus is on fraud involving blockchain technology and crypto assets, rather than labeling most digital assets as unregistered securities, like Chairman Gary Gensler has done.

Read Full Article

like

26 Likes

share

6 Shares

source image

Siliconangle

1M

read

54

img
dot

Image Credit: Siliconangle

New report warns of growing threat of mobile phishing targeting SMS and messaging apps

  • A new report warns of a growing threat of mobile phishing targeting SMS and messaging apps.
  • Mobile-specific weaknesses, such as smaller screen sizes and touch-based interactions, are exploited by cybercriminals to carry out large-scale phishing campaigns.
  • Attackers leverage SMS, messaging apps, and QR codes to trick users into revealing sensitive information or downloading malicious software.
  • Mobile users with smaller screens are less likely to verify URLs, and the trust in mobile messaging apps makes phishing attempts more successful.

Read Full Article

like

3 Likes

share

Share

source image

Securityaffairs

1M

read

68

img
dot

Image Credit: Securityaffairs

Microsoft fixed actively exploited flaw in Power Pages

  • Microsoft has fixed a privilege escalation vulnerability in Power Pages that was actively exploited in attacks.
  • The vulnerability, tracked as CVE-2025-21355, allowed unauthorized attackers to execute code over a network in Microsoft Bing.
  • Another vulnerability, CVE-2025-24989, allowed unauthorized attackers to elevate privileges in Power Pages.
  • Microsoft has provided instructions for affected customers to review their sites for potential exploitation and clean up any affected systems.

Read Full Article

like

4 Likes

share

Share

source image

Securityaffairs

1M

read

241

img
dot

Image Credit: Securityaffairs

Citrix addressed NetScaler console privilege escalation flaw

  • Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent.
  • The vulnerability, tracked as CVE-2024-12284, allows attackers to escalate privileges under certain conditions.
  • The vulnerability impacts specific versions of NetScaler Agent and NetScaler Console.
  • Cloud Software Group released updated versions to address the vulnerability.

Read Full Article

like

14 Likes

share

3 Shares

source image

NullTX

1M

read

159

img
dot

Image Credit: NullTX

Urgent Warning: Active Phishing Campaign Targeting Jupiter Users

  • A phishing campaign targeting Jupiter users through ads claiming a 'Jupiter Exchange exploit' is active.
  • Malicious actors trick users into pasting JS code into their browser consoles leading to wallet drain.
  • Deceitful operation involves fake bug reports urging users to interact with malicious links.
  • The fraudsters use a malicious API (solapi.network) to access and drain crypto wallets.
  • Users are warned against engaging with unsound advertisements or links and advised to verify code sources.
  • Protective measures include using hardware wallets, verifying updates from platforms, and enabling 2FA.
  • Jupiter users are urged to stay vigilant against phishing attempts and act promptly if compromised.
  • Staying informed about cryptocurrency threats and scams is crucial for safeguarding investments.
  • Disclosure: This is not trading or investment advice. Always research before investing in cryptocurrencies.

Read Full Article

like

9 Likes

share

2 Shares

source image

Securelist

1M

read

118

img
dot

Image Credit: Securelist

Managed detection and response in 2024

  • Kaspersky Managed Detection and Response service (MDR) provides round-the-clock monitoring and threat detection.
  • In 2024, the MDR infrastructure processed an average of 15,000 telemetry events per host daily, with over two high-severity incidents detected per day.
  • The largest concentration of Kaspersky MDR customers is in Europe, the CIS, and the META regions.
  • General observations from 2024 include decreased high-severity incidents with increased complexity, a rise in human-driven targeted attacks, attackers often returning after a successful breach, prevalent use of Living off the Land techniques, and top threats being User Execution and Phishing.

Read Full Article

like

7 Likes

share

1 Share

source image

Securityaffairs

1M

read

433

img
dot

Image Credit: Securityaffairs

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

  • Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls.
  • The vulnerability CVE-2025-0111 is a file read issue in PAN-OS, allowing an attacker to read files that are readable by the 'nobody' user.
  • Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched PAN-OS web management interfaces.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2025-0108 vulnerability to its Known Exploited Vulnerabilities catalog.

Read Full Article

like

26 Likes

share

6 Shares

source image

Hackers-Arise

1M

read

155

img
dot

Image Credit: Hackers-Arise

Cyberwar Mission #3: Using QRCodes in Phishing and Social Media Attacks

  • Social engineering tactics utilized in cyber warfare can be turned against adversaries, as demonstrated by Master OTW's strategy.
  • The use of QR codes in phishing emails can bypass anti-spam filters and evade browser security warnings.
  • Reconnaissance involves gathering email addresses of target individuals, like employees in a company, using tools such as Crosslinked and Hunter.io.
  • Phishing campaigns can be executed using tools like GoPhish integrated with Evilginx for enhanced phishing attacks.
  • GoPhish provides features such as user-friendly interface, tracking, and integration capabilities, making it popular among hackers.
  • Challenges of integrating Evilginx and GoPhish include setup complexities and user desensitization to frequent phishing attempts.
  • Connecting GoPhish with Evilginx involves configuring admin URLs, API keys, and SMTP settings for effective phishing campaigns.
  • CloudFlare integration can help in obscuring server IPs for anonymity and faster DNS propagation.
  • Generating QR codes to entice users involves embedding QR codes in emails using HTML and sending phishing emails with compelling content.
  • Effective social engineering tactics and phishing campaigns require continuous learning from adversaries and innovative approaches.

Read Full Article

like

9 Likes

share

2 Shares

source image

Hackingblogs

1M

read

41

img
dot

Image Credit: Hackingblogs

Snake Keyloggers: Protect Your IT Companies As Soon As Possible

  • Snake Keylogger, a malicious program designed to steal confidential information, is targeting IT companies.
  • The Snake Keylogger records keystrokes, captures images, and monitors the clipboard to collect sensitive data.
  • IT firms recently experienced a malspam campaign using phishing emails to distribute the Snake Keylogger.
  • The malware uses persistence and process hollowing to evade detection and maintain access to compromised systems.

Read Full Article

like

2 Likes

share

Share

Prev

20
21
22
23
24
25
26
27
28
29
30

Next

For uninterrupted reading, download the app