In order to enhance your security posture and defenses, it is essential to keep up to date on two key things: emerging cyber risks and attack vectors.
Stolen information is forwarded from the C&C servers used in these attacks to second-stage servers located in China.
Attackers launched a campaign in early March 2024 distributing trojanized installers for WinSCP and PuTTY, which led to downloads containing malware.
The attackers then established persistence, downloaded additional payloads, attempted to steal data, and deployed ransomware, showing TTPs similar to those used by BlackCat/ALPHV in the past.
The Ebury criminal group is responsible for operating this botnet, which has been active since 2009 and uses multiple propagation methods, including hijacking hosting providers' infrastructure and ARP spoofing attacks.
The latest releases of XZ Utils are affected by this backdoor, so downgrading from compromised versions is critical to preventing such attacks.
A new acoustic keyboard side-channel attack has been found by cybersecurity researchers; it can be used by attackers to steal sensitive information by capturing the sound of keystrokes with microphones.
The exploit has been observed in attacks involving QakBot and other malware, indicating multiple threat actors have access to it.
Cybersecurity analysts at Rapid7 have identified a new social engineering attack that delivers the Black Basta ransomware.
The attack begins with a surge of seemingly harmless newsletter signup confirmation spam emails that bypass email protections.
Attackers then make phone calls pretending to be IT support to persuade users to allow remote access through tools like AnyDesk or Quick Assist.
Once connected, the attacker downloads payloads to harvest credentials and maintain persistence, which could ultimately result in ransomware infections, as in previous Black Basta operations.
The attack chain is similar to one previously reported by Cisco Talos, in which sideloaded ActiveX tools, base64-encoded binaries and a decoy document were employed.
Organizations should establish controls that guard against unapproved applications and third-party scripts being used by outsiders on their systems, while working with the wider cybersecurity community to effectively counter these diverse attacks.
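One defender-side way to catch the Black Basta chain described above is to correlate the two observable stages on the same user: a surge of subscription-confirmation emails followed, within hours, by a remote-support tool starting on that user's endpoint. The script below is an added example written for this article, not code from Rapid7 or from the article itself. The mail and process telemetry is constructed sample data, the process names (AnyDesk.exe, QuickAssist.exe), subject keywords, thresholds and time windows are assumptions to be tuned for a real environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the article). Each mail event is
# (timestamp, recipient user, subject); each process event is
# (timestamp, logged-on user, process image name).
MAIL_EVENTS = (
    # alice: 12 subscription confirmations in ~20 minutes (the "spam bomb")
    [("2024-05-14T09:%02d:00" % (2 * i), "alice",
      f"Please confirm your subscription #{i}") for i in range(12)]
    # bob: ordinary low-volume newsletter traffic
    + [("2024-05-14T08:30:00", "bob", "Weekly newsletter: May edition"),
       ("2024-05-14T12:15:00", "bob", "Verify your email for ShopMart")]
    # carol: a surge, but no remote tool is launched afterwards
    + [("2024-05-14T10:%02d:00" % (2 * i), "carol",
        "Your newsletter signup: please verify your email") for i in range(10)]
)

PROCESS_EVENTS = [
    ("2024-05-14T11:10:00", "alice", "AnyDesk.exe"),    # shortly after the surge
    ("2024-05-14T11:12:00", "alice", "chrome.exe"),     # unrelated
    ("2024-05-14T14:00:00", "bob", "AnyDesk.exe"),      # no preceding surge
    ("2024-05-14T10:40:00", "carol", "chrome.exe"),     # surge but no remote tool
]

# Assumed image names of the remote-support tools named in the article.
REMOTE_SUPPORT_TOOLS = {"anydesk.exe", "quickassist.exe"}
# Assumed subject fragments typical of newsletter signup confirmations.
SUBSCRIPTION_KEYWORDS = ("confirm your subscription", "newsletter", "verify your email")


def is_subscription_confirmation(subject):
    """Cheap keyword classifier for signup-confirmation style subjects."""
    s = subject.lower()
    return any(k in s for k in SUBSCRIPTION_KEYWORDS)


def mail_surges(mail_events, threshold=10, window=timedelta(hours=1)):
    """Return {user: surge_start} for users who received at least `threshold`
    subscription-confirmation mails inside any `window`-long interval."""
    per_user = defaultdict(list)
    for ts, user, subject in mail_events:
        if is_subscription_confirmation(subject):
            per_user[user].append(datetime.fromisoformat(ts))
    surges = {}
    for user, times in per_user.items():
        times.sort()
        for i, start in enumerate(times):
            # Sliding window: count mails in [start, start + window].
            j = i
            while j < len(times) and times[j] - start <= window:
                j += 1
            if j - i >= threshold:
                surges[user] = start  # record the first surge only
                break
    return surges


def detect_followup_remote_access(mail_events, process_events,
                                  threshold=10, window=timedelta(hours=1),
                                  follow_up=timedelta(hours=24)):
    """Alert when a remote-support tool starts for a user within `follow_up`
    of that user's mail surge. Returns a list of alert dicts."""
    surges = mail_surges(mail_events, threshold, window)
    alerts = []
    for ts, user, image in process_events:
        if image.lower() not in REMOTE_SUPPORT_TOOLS or user not in surges:
            continue
        launched = datetime.fromisoformat(ts)
        surge_start = surges[user]
        if surge_start <= launched <= surge_start + follow_up:
            alerts.append({
                "user": user,
                "surge_start": surge_start.isoformat(),
                "tool": image,
                "launched": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_followup_remote_access(MAIL_EVENTS, PROCESS_EVENTS):
        print("ALERT:", alert)
```

Neither stage is suspicious on its own (help-desk staff legitimately run AnyDesk, and anyone can receive a few newsletters), which is why the rule only fires on the combination; in a real deployment the surge threshold and follow-up window should be tuned against baseline mail volume and the organisation's approved remote-support tooling.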
The vulnerability allows unauthenticated remote attackers to gain elevated privileges and execute commands as root by combining an authentication bypass with command injection.
There is an out-of-bounds memory access vulnerability in V8, the JavaScript engine used by Chrome, that allows access to data beyond the allotted memory buffer, enabling attackers to leak data or crash the browser.
Threat actors are abusing Microsoft's Quick Assist remote access tool to distribute ransomware through social engineering attacks.
Norway Recommends Replacing SSLVPN/WebVPN. Norway's National Cyber Security Centre recommends replacing SSLVPN/WebVPN solutions with more secure alternatives like IPsec with IKEv2 due to repeated vulnerabilities exploited by threat actors.
The move aims to reduce the attack surface of secure remote access and harden networks against breaches.
The threat model is aimed at tackling the ever-changing cyber threat landscape, giving practical insights into how to identify and reduce the risks of attacks on embedded systems.
This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 19 May 2024 14:20:08 +0000