the-hacker-news · 9 days
Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation
The Hacker News : Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and http://dlvr.it/T5rW5b Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 9 days
MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws
The Hacker News : The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance http://dlvr.it/T5rW5D Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 9 days
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
The Hacker News : Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to http://dlvr.it/T5rW4l Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 9 days
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
The Hacker News : New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair said http://dlvr.it/T5rW28 Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 9 days
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
The Hacker News : Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make their operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant said in its latest report on East Asia hacking groups. The company http://dlvr.it/T5r63m Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 10 days
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
The Hacker News : A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine Stealer, http://dlvr.it/T5p6J2 Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 11 days
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
The Hacker News : Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of the software. "In http://dlvr.it/T5m1CQ Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 11 days
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
The Hacker News : Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday. http://dlvr.it/T5m1BQ Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 12 days
BlackTech Targets Tech, Research, and Gov Sectors with New 'Deuterbear' Tool
The Hacker News : Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of a modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. "Waterbear is known for its complexity, as it http://dlvr.it/T5kmc8 Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 12 days
How Attackers Can Own a Business Without Touching the Endpoint
The Hacker News : Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details of the attack techniques being used, let’s discuss why http://dlvr.it/T5kM1P Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 12 days
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
The Hacker News : Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S., http://dlvr.it/T5kM0j Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 12 days
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor
The Hacker News : Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed http://dlvr.it/T5jYWr Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 13 days
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
The Hacker News : Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform. "The documents contained VBA code to drop and run an executable with the name 'ctrlpanel.exe,'" http://dlvr.it/T5hCJ8 Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 13 days
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
The Hacker News : The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence team said in a new write-up. "They http://dlvr.it/T5hCHS Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 13 days
Recover from Ransomware in 5 Minutes—We will Teach You How!
The Hacker News : Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack. Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use http://dlvr.it/T5gnf7 Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 13 days
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks
The Hacker News : A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis. http://dlvr.it/T5gndQ Posted by : Mohit Kumar ( Hacker )
the-hacker-news · 13 days
How to Conduct Advanced Static Analysis in a Malware Sandbox
The Hacker News : Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to http://dlvr.it/T5gnd8 Posted by : Mohit Kumar ( Hacker )