January 2024 – Page 4 – Learn and Explore

January 25, 2024
Uncategorized

China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It’s said to be...

January 25, 2024
Uncategorized

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader’s icon and name masquerades as the legitimate CherryTree note-taking...

January 25, 2024
Uncategorized

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data. “The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity,...

January 24, 2024
Uncategorized

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters...

January 24, 2024
Uncategorized

Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows “threat actors to terminate antivirus processes...

January 24, 2024
Uncategorized

What is Nudge Security and How Does it Work?

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT...

January 24, 2024
Uncategorized

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network...

January 24, 2024
Uncategorized

The Unknown Risks of The Software Supply Chain: A Deep-Dive

In a world where more & more organizations are adopting open-source components as foundational blocks in their application’s infrastructure, it’s difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time, and by that – shortens the time...

January 24, 2024
Uncategorized

Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. “Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an...

January 23, 2024
Uncategorized

VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates

The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive “criminal affiliate program,” new findings from Infoblox reveal. The latest development demonstrates the “breadth of their activities and depth of their connections within the cybercrime industry,”...