Internet-exposed Human Machine Interfaces (HMIs) pose significant risks to the Water and Wastewater Systems (WWS) sector, according to a new fact sheet jointly released by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA). Titled Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems and published last week, the
Month: December 2024
Dec 16, 2024Ravie LakshmananMalvertising / Threat Intelligence Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. “Entirely reliant on a single ad network for propagation, this campaign showcases the
Ransomware claims reached an all-time high in November 2024, with Corvus Insurance reporting 632 victims claimed on ransomware groups’ data leak sites (DLS). More than double the monthly average of 307 victims, the November count exceeds the previous peak of 527 victims recorded in May 2024. According to a December 11 report by Corvus, these
Dec 14, 2024Ravie LakshmananMalware / Cyber Threat Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. “The target of the threat actors were Thailand officials based on the nature of the lures,” Nikhil Hegde, senior engineer for
Threat actors’ abuse of legitimate Microsoft tools rose by 51% in the first half of 2024 compared to 2023, according to Sophos’ latest Active Adversary Report. The researchers observed 187 unique Microsoft Living Off the Land Binaries (LOLbins) used by threat actors in 190 cyber incidents analyzed in H1 2024. Over a third of them
Dec 14, 2024Ravie LakshmananBotnet / Ad Fraud Germany’s Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and
The US Government has offered a $5m reward for information that leads to the disruption of financial mechanisms of persons engaged in a fake IT worker scheme targeting US firms that support the Democratic People’s Republic of Korea (DPRK). The conspirators, some of whom were ordered by their superiors to earn at least $10,000 per
Dec 13, 2024The Hacker NewsLinux / Vulnerability A security flaw has been disclosed in OpenWrt‘s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher
Two significant security vulnerabilities in the popular Woffice WordPress theme that could allow attackers to gain unauthorized control or access have been patched. The Woffice theme, a premium product developed by Xtendify with over 15,000 sales, provides team and project management functionality for WordPress. According to a report by Patchstack, the first vulnerability is a privilege
Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. “Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive
Russian state threat actor Secret Blizzard has leveraged resources and tools used by other cyber groups to support the Kremlin’s military efforts in Ukraine, according to Microsoft. These campaigns have consistently led to the download of Secret Blizzard’s custom malware on devices associated with the Ukrainian military. The analysis is the second part of research
Dec 11, 2024Ravie LakshmananMalware / Endpoint Security A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. “To exploit this technique, a user must be convinced to run a program that uses UI Automation,” Akamai
A significant cyber operation exploiting vulnerabilities in improperly configured public websites has been linked to the Nemesis and ShinyHunters hacking groups, exposing sensitive data, including customer information, infrastructure credentials and proprietary source code. According to independent cybersecurity researchers Noam Rotem and Ran Locar, the attackers orchestrated a large-scale internet scan targeting vulnerable endpoints within Amazon Web Services
Dec 10, 2024Ravie LakshmananVulnerability / Threat Analysis Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on
A federal appeals court has upheld a law that could see TikTok banned across the US unless its Chinese parent company, ByteDance, divests its ownership. The decision was issued by a three-judge panel from the US Court of Appeals for the District of Columbia Circuit on Friday, marking a significant setback for the video-sharing platform
Dec 09, 2024Ravie LakshmananCyber Threats / Weekly Recap This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and
Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish the data it had stolen earlier this week. However, despite the claims, a Deloitte spokesperson told Infosecurity that its investigation indicates that the allegations relate to a single client’s system which sits outside of the Deloitte network. “No Deloitte systems have
Dec 07, 2024Ravie LakshmananSupply Chain Attack / Cryptocurrency In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI)
A propaganda campaign conducted primarily on TikTok boosted a far-right candidate who topped the votes in the first round of Romania’s presidential election, according to Romanian authorities. Cǎlin Georgescu, a far-right candidate with pro-Kremlin views, was predicted to receive minimal support in the country’s presidential election, with only 1% of the vote in pre-election polls
Dec 07, 2024The Hacker NewsEnterprise Security / Threat Prevention Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots
The US Federal Communications Commission (FCC) is looking to expanding cybersecurity requirements for US telecommunications firms following the Salt Typhoon cyber-attack which impacted at least eight US communications firms. As part of its “decisive action” the FCC has released a Notice of Rulemaking in which communications firms could be subject to an annual certification requirement
Dec 06, 2024Ravie LakshmananSpyware / Mobile Security A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto’s Citizen
Two severe vulnerabilities in Veeam Service Provider Console (VSPC) software have been patched, including one with a near-maximum CVSS score of 9.9. The issues, designated as CVE-2024-42448 and CVE-2024-42449, were identified during internal testing by Veeam. Both flaws pose significant risks to system integrity, requiring immediate attention from affected service providers. Details of the Vulnerabilities
Dec 05, 2024Ravie LakshmananCryptocurrency / Mobile Security As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. “DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface
The Federal Trade Commission (FTC) has banned data brokers Gravy Analytics and Mobilewalla from collecting, using or selling sensitive location data that reveals Americans’ visits to places like healthcare facilities, military bases and religious institutions. The settlements, announced on Tuesday, also require both companies to delete previously collected data and impose strict controls to prevent future
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone
Houston-based ENGlobal Corporation, a contractor specializing in engineering and automation services for the energy sector and US government, announced Monday that a ransomware attack has disrupted its operations. The company disclosed the incident on Monday in aregulatory filing with the US Securities and Exchange Commission (SEC). The breach was identified on November 25 2024, prompting ENGlobal
Dec 03, 2024Ravie LakshmananVulnerability / Network Security Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA’s WebVPN login page that could allow an unauthenticated,
A new report by a French government agency has accused Azerbaijan of manipulating online users in France’s overseas constituencies and Corsica. In a new report published on December 2, France’s technical agency responsible for monitoring foreign digital interference, VIGINUM, released findings about the Baku Initiative Group (BIG), a state-sponsored organization based in Azerbaijan. From July
Dec 02, 2024The Hacker NewsAI Security / Data Protection Artificial Intelligence (AI) is no longer a far-off dream—it’s here, changing the way we live. From ordering coffee to diagnosing diseases, it’s everywhere. But while you’re creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is an