The Hacker News.

"New Snake Keylogger variant leveraging Autolt Scripting to evade detection."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 19 February 2025, 1449 UTC.

Content and Source:  https://thehackernews.com.

Please check link or scroll down to read your selections.  Thanks for joining us today. 

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

   

New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

Feb 19, 2025 Malware / Threat Intelligence

A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. "Typically delivered through phishing emails containing malicious attachments or links, Snake Keylogger is designed to steal sensitive information from popular web browsers like Chrome, Edge, and Firefox by logging keystrokes, capturing credentials, and monitoring the clipboard," security researcher Kevin Su said . Its other features allow it to exfiltrate the stolen information to an attacker-controlled server using the Simple Mail Transfer Protocol (SMTP) and Telegram bots, allowing the threat actors to access stolen credentials and other sensitive data." What's notable about the latest set of attacks is that it makes use of the AutoIt scripting language ...

Level Up Your Cyber Skills at SANS 2025

SANS InstituteCyber Security / Training

Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!

The Ultimate MSP Guide to Structuring and Selling vCISO Services

Feb 19, 2025 Managed Services / Risk Management

The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges. Many service providers struggle with structuring, pricing, and selling these services effectively. That's why we created the Ultimate Guide to Structuring and Selling vCISO Services .  This guide, created in collaboration with Jesse Miller, a seasoned vCISO and founder of PowerPSA Consulting, offers actionable strategies to navigate these hurdles. From identifying what to offer and whom to target, to crafting compelling sales strategies, this resource provides a comprehensive roadmap for building a successful vCISO practice. Where to Begin: What to Offer and to Whom This guide outline...

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

Feb 19, 2025 Windows Security / Malware

Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of the campaign include individuals and businesses worldwide, with Kaspersky's telemetry finding higher infection concentrations in Russia, Brazil, Germany, Belarus, and Kazakhstan. "This approach helped the threat actors make the most out of the miner implant by targeting powerful gaming machines capable of sustaining mining activity," researchers Tatyana Shishkova and Kirill Korchemny said in an analysis published Tuesday. The XMRig cryptocurrency miner campaign employs popular simulator and physics games like BeamNG.drive, Garry's Mod, Dyson Sphere Program, Universe Sandbox, and Plutocracy as lures to initi...

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

Feb 19, 2025 Threat Intelligence / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts CVE-2024-53704 (CVSS score: 8.2) - An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication Palo Alto Networks has since confirmed to The Hacker News that it has observed active exploitation attempts against CVE-2025-0108, with the company noting that it could be chained with other vulnerabilities like CVE-2024-9474...

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Feb 18, 2025 Vulnerability / Network Security

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 (CVSS score: 6.8)  - The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled, allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it (Introduced in December 2014) CVE-2025-26465 (CVSS score: 5.9)  - The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption (Introduced in August 2023) "If an attacker can perform a man-in-the-middle a...

Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

Feb 18, 2025 Cyber Espionage / Malware

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe, whenever ESET antivirus application is detected running, Trend Micro said in a new analysis. "The attack involves dropping multiple files, including legitimate executables and malicious components, and deploying a decoy PDF to distract the victim," security researchers Nathaniel Morales and Nick Dai noted. "Additionally, Earth Preta utilizes Setup Factory, an installer builder for Windows software, to drop and execute the payload; this enables them to evade detection and maintain persistence in compromised systems." The starting point of the attack sequence is an execu...

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Feb 11, 2025IT Security / Threat Protection

Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it's undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels like too much of a good thing. Here are a few reasons why MFA isn't implemented more universally. 1. Businesses see MFA as a cost center MFA for businesses isn't free, and the costs of MFA can add up over time. Third-party MFA solutions come with subscription costs, typically charged per user. Even built-in options like Microsoft 365's MFA features can cost extra depending on your Microsoft Entra license. Plus, there's the cost of training employees to use MFA and the time IT takes to enroll them. If MFA increases help desk calls, support costs go up too. While these expenses are far less t...

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Feb 18, 2025 Threat Intelligence / Malware

Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer . The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows ( Lumma Stealer or DeerStealer ) and Android ( Marcher ). TA2727 is a "threat actor that uses fake update themed lures to distribute a variety of malware payloads," the Proofpoint Threat Research Team said in a report shared with The Hacker News.  It's one of the newly identified threat activity clusters alongside TA2726, which is assessed to be a malicious traffic distribution system (TDS) operator that facilitates traffic distribution for other threat actors to deliver malware. The financially motivated threat actor is believed to be active since at least September 2022. TA2726, per the enterprise security firm, acts as a TDS for TA2727 and another threat actor ca...

Debunking the AI Hype: Inside Real Hacker Tactics

Feb 18, 2025 Artificial Intelligence / Cyber Defense

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs' Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) are still dominating the field. The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here's a glimpse at the most critical findings and trends shaping the year's most deployed adversarial campaigns and what steps cybersecurity teams need to take to respond to them. Why the AI Hype is Falling Short…at Least For Now While headl...

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Feb 18, 2025 Vulnerability / Network Security

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589 , the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the company said in an advisory. The vulnerability impacts the following products and versions - Session Smart Router: From 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, and from 6.3 before 6.3.3-r2 Session Smart Conductor: From 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, and from 6.3 before 6.3.3-r2 WAN Assurance Managed R...

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

Feb 18, 2025 Malware / Network Security

The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug , which has been assessed to be a subset within the APT41 cyber espionage group, by Cybereason under the name Operation CuckooBees , and by Symantec as Blackfly. APT41 has been described as a highly skilled and methodical actor with the ability to mount espionage attacks as well as poison the supply chain. Its campaigns are often designed with stealth in mind, leveraging a bevy of tactics to achieve its goals by using a custom toolset that not only bypasses security software installed in the environment, but also harvests critical information and establishes covert channels for persistent remote access. "The group's espionage activities, ...

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Feb 18, 2025 Vulnerability / Enterprise Security

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol ( LDAP ) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP device to send authentication credentials back to the malicious actor," Rapid7 security researcher Deral Heiland said . "If a malicious actor can successfully leverage these issues, it would allow them to capture credentials for Windows Active Directory. This means they could then move laterally within an organization's environment and compromise other critical Windows servers and file systems." The identified vulnerabilities, which affect firmware versions 57.69.91 and earlier, are listed below - CVE-2024-12510 (CVSS score: 6.7) - Pass-back attack via LDAP CVE-202...