Iranian cyberspies target US defense orgs with new backdoor - The Register

Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft.
Hundreds of e-commerce sites compromised by card stealers.
Cyber crooks compromised 443 online shops, using JavaScript-sniffers to steal these e-merchants' customers' credit card or payment information, according to Europol.
The coordinated effort to combat digital skimming attacks included cops from 17 countries, the European Union Agency for Cybersecurity, and private-sector security shops Group-IB and Sansec.
Over the course of two months, the law enforcement agencies notified the online retailers that their customers' payment details had been stolen as part of the crooks' online fraud scheme.
In these attacks, thieves use snippets of JavaScript code to intercept customers' card data during the online checkout process without the retailers or customers realizing they've been compromised.
The security firm says that, as of the end of 2023, there are 132 known JS-sniffer families that have been used to compromise websites across the globe.
We've got some end-of-the-year critical vulnerabilities, including at least one that's already been found and exploited in the wild.
Apple security updates - CVE-2023-42940 and more: Apple released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma, but only released details and a CVE for one of these.
It's a session rendering issue in macOS Sonoma that could be exploited to steal sensitive information.
CVSS 9.8 - Multiple CVEs: Ivanti's Avalanche enterprise mobile device management product contains 12 memory corruption bugs that could be exploited by sending specially crafted data packets to the Mobile Device Server, resulting in denial of service or remote code execution.
CVSS 9.8 - Multiple CVEs: EuroTel ETL3100 radio transmitters, versions v01c01 and v01x37, are vulnerable to three bugs that could allow an attacker to gain full access to the system and disclose sensitive information.
CVSS 9.6 - Multiple CVEs: EFACEC BCU 500 control and automation devices are susceptible to uncontrolled resource consumption and cross-site request forgery flaws that could allow a denial-of-service condition or compromise the web application.
Kazakhstan will reportedly extradite a network security specialist to Moscow, despite the US government's demand to send him to Washington.
The Eastern Bloc country detained Nikita Kislitsin, an employee of Russian infosec shop FACCT, on June 22 at the request of the US, which accused him of committing cyber crimes, according to a statement by his employer.
The US extradition request seems to be related to earlier charges against Kislitsin, who is accused of breaking into the social networking service Formspring in 2012.
A 2014 indictment [PDF] alleges that, after breaking and entering, Kislitsin stole usernames, email addresses, and passwords, and then tried to sell the stolen database for 5,000 euros a pop.
Shortly after the Feds demanded Kislitsin be extradited to America, Moscow came out with its own extradition request, which appears to have won the battle - at least according to the General Prosecutor's Office of the Russian Federation.
On Thursday, the government agency said Kislitsin will be sent back to Russia where he will face criminal charges related to hacking.
After allegedly stealing the org's data, Kislitsin then tried to extort the firm for 550,000 rubles in cryptocurrency.


This Cyber News was published on go.theregister.com. Publication date: Sat, 23 Dec 2023 13:13:05 +0000

