The Hacker News

"DoJ indicts 14 North Koreans for $88M IT Worker fraud scheme over six years."

Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 14 December 2024, 0221 UTC.

Content and Source:  Email subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fthehackernews.com%2Ffeeds%2Fposts%2Fdefault

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Hacker News

201K followers35 articles per week#security#tech
34

Most popular

DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

IoC > 1 domain
44by info@thehackernews.com (The Hacker News) / 9h
14 North Koreans indicted for fraud
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Process Injection (Enterprise T1055)
38by info@thehackernews.com (The Hacker News) / 8h
A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

15 TTPs
38by info@thehackernews.com (The Hacker News) / 13h
Iranian malware IOCONTROL targets IoT systems
Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable

Today

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

IoC > 1 URL
21by info@thehackernews.com (The Hacker News) / 5h
19 TTPs
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that

How to Generate a CrowdStrike RFM Report With AI in Tines

by info@thehackernews.com (The Hacker News) / 13h
Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their

Yesterday

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

3 TTPs
62by info@thehackernews.com (The Hacker News) / 16h
Pumakit Linux rootkit malware discovered
Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

IoC > 2 domains
41by info@thehackernews.com (The Hacker News) / 19h
Rydox cybercrime marketplace seized
The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox[.]ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested.

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

4 TTPs
74by info@thehackernews.com (The Hacker News) / 1d
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

4 TTPs
39by info@thehackernews.com (The Hacker News) / 1d
The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

91by info@thehackernews.com (The Hacker News) / 1d
Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

SaaS Budget Planning Guide for IT Professionals

31by info@thehackernews.com (The Hacker News) / 1d
SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity. In this article, we’ll break down this topic

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

2 TTPs
43by info@thehackernews.com (The Hacker News) / 1d
CVE-2024-11973 & 1 other
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

Dec 11, 2024

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

IoC > 1 domain
54by info@thehackernews.com (The Hacker News) / 1d
2 TTPs
Law enforcement shuts down DDoS booters
A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

17 TTPs
by info@thehackernews.com (The Hacker News) / 2d
Secret Blizzard exploits Storm-0156 infrastructure
The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

6 TTPs
62by info@thehackernews.com (The Hacker News) / 2d
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

37by info@thehackernews.com (The Hacker News) / 2d
Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

14 TTPs
61by info@thehackernews.com (The Hacker News) / 2d
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

IoC > 2 IPs
46by info@thehackernews.com (The Hacker News) / 2d
5 TTPs
Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

10 TTPs
56by info@thehackernews.com (The Hacker News) / 2d
US organization in China hacked
A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team

Dec 10, 2024

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

Cyber War News Today.

Image
"International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 15 December 2024, 0134 UTC. Content and Source:   https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  Dec 13, 2024 The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 13.3% WILMINGTON, DE, UNITED STATES, December 13, 2024 /⁨EINPresswire.com⁩/ -- According to the report, The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 1...
Read more

BleepingComputer.com

Image
"Progress LoadMaster vulnerable to 10/10 severity RCE flaw." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 September 2024, 1458 UTC. Content and Source:   https://www.bleepingcomputer.com/ Please check link or scroll down to read your selections. Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Latest Articles   Security Progress LoadMaster vulnerable to 10/10 severity RCE flaw Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. Bill Toulas   September 08, 2024   10:11 AM     0   Deals Get started learning about cybersecurity with this course bundle deal Take a real step towards a job in information security with this intro to cybersecurity. Get the 2...
Read more

The Cyberwire Daily Briefing

Image
"Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 September 2024, 1339 UTC. Content and Source:   https://thecyberwire.com/newsletters/daily-briefing/13/176 Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). V13 | Issue 176 | 9.13.24 Daily Briefing for 09.13.24 Announcement Cloud Security in the Age of Generative AI. Artificial Intelligence is revolutionizing business, but it also introduces new risks. Join us on Wednesday, September 18th at 2pm EDT for a compelling live webinar on "Good vs. Evil: Cloud Security in the Age of Generative AI" with N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni.  Learn more and register now . Summary By the CyberWire staff At a glance. Fortinet confirms breach of customer data. Iran's Scarred Manticore deplo...
Read more