Herjan Security
b7ac607467d380da39561027a5bd00a900e99a56019f127db61f86a3c842efb6
[.] Nostrop stream of GenAI news and updates

Millenium RAT, a sophisticated Remote Access Tool (RAT), is being sold on GitHub. It exclusively attacks Windows systems and is built on the .NET framework. The RAT allows hackers to steal sensitive data, remain undetected, and gain remote control over infected devices. It is advertised as an educational resource but can be accessed for a small fee. The RAT builder allows users to customize the RAT to meet their specific needs. The Millenium RAT is a significant cybersecurity threat, and stakeholders should enhance their cybersecurity measures. #MilleniumRAT #GitHub #WindowsSystems #CybersecurityThreat

https://cybersecuritynews.com/millenium-rat-sold-on-github/

RedLine Malware steals sensitive data and installs more malware. It targets both enterprise and personal devices in the healthcare and manufacturing sectors. RedLine behaves like Raccoon or Pony and enables file transfers and command execution. It is easily accessible on underground forums. The stealer's execution process is straightforward, and it gathers and transmits data in unencrypted, Base64-encoded form. Attackers distribute RedLine through social engineering, email campaigns, fake updates, and spam. Vigilance with email attachments and links is crucial for protection. #redlinemalware #datatheft #cybersecurity

https://cybersecuritynews.com/redline-malware/

Critical Atlassian bug exploited in ransomware attacks:

- Atlassian vulnerability being exploited by threat actors.

- Rapid7 observes exploitation of the Atlassian vulnerability in multiple customer environments.

- Atlassian updates security advisory for CVE-2023-22518.

- Customers urged to update to the latest version of the Atlassian product.

- Over 24,000 Confluence servers currently online.

- Atlassian warns of possible data wiping in affected environments.

#Atlassian #bugexploit #ransomware #vulnerability #threatactors #Rapid7 #securityadvisory #Confluenceservers #datawipe

https://www.infosecurity-magazine.com/news/critical-atlassian-bug-ransomware/

Spy Trojan SpyNote is targeting Android users through a disguised mod for the game Roblox. The malware can log keystrokes, record screens, and impersonate Google and Facebook. Kaspersky's investigation reveals the vulnerabilities that cybercriminals are exploiting within the gaming user base, including DDoS attacks and Trojan campaigns. Minecraft and Roblox are the most targeted games, with Minecraft players being the primary targets for mobile attacks. The gaming industry needs enhanced cybersecurity awareness to protect personal and financial data. Recommendations include downloading games from official stores and using robust security solutions. #SpyTrojan #SpyNote #Android #Roblox #gaming #cybersecurity

https://www.infosecurity-magazine.com/news/spynote-unveiled-in-attacks-on/

Summary:

- The US Department of the Treasury has sanctioned a Russian national named Ekaterina Zhdanova for her involvement in virtual currency money laundering on behalf of Russian elites.

- Zhdanova used virtual currency to help Russian elites and illicit actors evade US and international sanctions.

- She employed various methods, including cash, connections to money laundering associates, and traditional businesses to facilitate cross-border transactions.

- Zhdanova also provided services to individuals linked to the Russian Ryuk ransomware group, laundering over $2.3m in suspected victim payments.

- The US Treasury remains focused on combating illicit finance risks in the virtual assets ecosystem.

Hashtags:

- #VirtualCurrencyMoneyLaundering

- #RussianElites

- #USDepartmentoftheTreasury

- #Sanctions

- #AntiMoneyLaundering

- #Cybercrime

https://www.infosecurity-magazine.com/news/russian-sanctioned-virtual-money/

U.S. Gov. recovers $2.4 million from business email hack. Hackers stole funds through compromised business emails, but the money was reclaimed by authorities. Cyber criminals are becoming more sophisticated, but efforts to protect individuals and businesses continue. The hack involved two companies, c1 and c2, with c1 being fraudulently convinced to update payment information. The money was frozen after the fraud was discovered, and the sole signatory of the receiving account was tracked down. The person claimed to have no prior business dealings with c1 or c2 and had contracted with a group of individuals met at a Bitcoin conference. The federal government has successfully returned over $11 billion in illegally obtained funds to their rightful owners. Business Email Compromise (BEC) is the main cause of fraud and accounts for daily losses of $8 million. It is important to verify email recipients by phone or in person to prevent scams. #USGovRecovered #BusinessEmailHack #CyberSecurityNews

https://cybersecuritynews.com/u-s-government-recovers-business-emails-hack/

Hilb Group Cyber Attack: 81K people's Personal Info Exposed. The breach occurred from December 1, 2022, to January 12, 2023, and was detected on October 9, 2023. A phishing attack accessed personal information including names, financial account numbers, and passwords. The affected individuals are at risk of identity theft and financial fraud. The Hilb Group notified affected parties and offered identity theft protection services. The company's timely response highlights its commitment to transparency and protection. Cybercriminal tactics are evolving, emphasizing the need for robust cybersecurity measures. The Hilb Group is collaborating with experts to enhance security protocols. #cyberattack #cybersecurity #vulnerability

https://cybersecuritynews.com/hilb-group-cyber-attack/

Summary: Over 4 million systems have been hacked using gaming-related cyber attacks. The gaming industry is targeted by cybercriminals due to its growing income and player base, with underage players being potential targets. The majority of these attacks are distributed as mods, cheats, or other game-related software. Trojans and adware are the most common risks associated with desktop gaming. Minecraft is the most commonly utilized lure, followed by Roblox and Counter-Strike: Global Offensive. Mobile gamers of Minecraft are the most popular targets for mobile malware. It is important for parents to educate themselves and protect their children from these risks. The global gaming industry is expected to grow significantly in the coming years.

Hashtags: #CyberAttack #CyberSecurity #CyberSecurityNews

https://cybersecuritynews.com/4076530-systems-hacked/

Hackers are spreading WhatsApp spy mods via Telegram. Using WhatsApp mods can expose users to security risks. Hackers may exploit vulnerabilities in these mods to intercept messages, access contacts, and distribute malware. Researchers found a malicious WhatsApp mod containing a Trojan-Spy module. The mod is distributed through Telegram channels. It is recommended to stick to official messaging apps for data safety. #cybersecurity #WhatsApp #spy #mods #Telegram

https://cybersecuritynews.com/hackers-spreading-whatsapp-spy/

HelloKitty ransomware is exploiting an Apache ActiveMQ flaw, allowing it to spread ransomware on target systems. The flaw, CVE-2023-46604, is a critical severity remote code execution vulnerability. The HelloKitty ransomware family is responsible for the attacks. Apache ActiveMQ versions 5.18.0 to 5.18.3, 5.17.0 to 5.17.6, 5.16.0 to 5.16.7, and older versions are affected by the flaw. Apache has released fixes in versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3. Organizations should upgrade to a fixed version and check for vulnerability signs. #HelloKitty #ransomware #ApacheActiveMQ #cybersecurity #vulnerability

https://cybersecuritynews.com/hellokitty-ransomware-apache-activemq/

SaaS Security Admin Guide 2024: A comprehensive plan for securing cloud-based assets and data. #SaaSsecurity #AdminGuide #Cloudsecurity

Understanding SaaS Security: Protecting against unauthorized access, data breaches, and cyber attacks in cloud-based software applications. #SaaSsecurity #Cloudsecurity

Critical Components of SaaS Security: Data protection, identity and access management, compliance and privacy, endpoint security, secure configuration, network security, incident response and monitoring, education and training. #DataProtection #IAM #Compliance #EndpointSecurity #NetworkSecurity #IncidentResponse #Education

Best Practices for SaaS Security: Risk assessment, secure APIs, vendor management, security policies, continuous improvement. #SaaSsecurity #BestPractices

Protect your SaaS Apps and data with DoControl: Automated data access controls, data security operations, continuous compliance, integrated security approach, scalable and adaptive security, simplified security management. #DoControl #DataSecurity #Compliance

SaaS Security Checklist: Vendor assessments, strong access controls, data encryption and protection, IAM, monitor and audit activity, secure API connections, network security, compliance and legal, endpoint security, training and awareness, incident response planning, secure configuration management, contract and SLA management, threat intelligence integration, continuous improvement. #SaaSsecurity #SecurityChecklist

https://cybersecuritynews.com/saas-security-admin-guide/

1. Boeing cyberattack raises concerns about supply chain security. #Boeing #Cybersecurity #SupplyChain

2. Scarred Manticore conducting cyberespionage campaigns in the Middle East. #IIS #Cyberespionage #ThreatActor

3. Knight ransomware targeting Windows computers to steal sensitive data. #KnightRansomware #Windows #DataBreach

4. EleKtra-Leak campaign targeting AWS IAM credentials for cryptojacking. #EleKtraLeak #AWS #Cryptojacking

5. CitrixBleed flaw being widely exploited by threat actors. #CitrixBleed #Vulnerability #Exploit

6. F5 Networks warns of authenticated SQL injection flaw in BIG-IP Configuration utility. #F5Networks #BIGIP #SQLInjection

7. Critical vulnerability discovered in Atlassian Confluence software. #Atlassian #Confluence #Vulnerability

8. OAuth vulnerability discovered in Grammarly, Vidio, and Bukalapak. #OAuth #Vulnerability #Authentication

9. Over 3,000 Apache ActiveMQ servers at risk due to critical RCE vulnerability. #ApacheActiveMQ #Vulnerability #RCE

10. Remote Desktop Manager and Devolutions Server affected by access control and RCE vulnerabilities. #RemoteDesktopManager #DevolutionsServer #Vulnerability

11. Microsoft Edge vulnerabilities discovered, including remote code execution and spoofing. #MicrosoftEdge #Vulnerability #RemoteCodeExecution

12. Serious security issue in Cisco Meeting Server's Web Bridge feature. #Cisco #MeetingServer #SecurityFlaw

13. Google releases Chrome 119 with 15 security patches. #GoogleChrome #SecurityPatches #Update

14. Forum of Incident Response and Security Teams unveils new CVSS 4.0 for better vulnerability assessment. #CVSS4.0 #VulnerabilityAssessment #SecurityMetrics

15. Open redirect vulnerability in VMware Workspace ONE UEM console allows for SAML response theft. #VMware #WorkspaceONE #Vulnerability

16. Kubernetes privilege escalation flaw allows for administrative privileges on affected pods. #Kubernetes #PrivilegeEscalation #Vulnerability

17. Exploit released for critical Cisco IOS zero-day vulnerability. #CiscoIOS #ZeroDay #Exploit

18. NGINX ingress controllers vulnerable to arbitrary command execution and code injection. #NGINX #IngressControllers #Vulnerability

19. Hackers actively attacking blockchain engineers with new macOS malware. #Hackers #Blockchain #macOSMalware

20. Hackers weaponize HWP docs for national defense and press sector attacks. #HWPDocs #NationalDefense #PressAttacks

21. Cybercriminals abusing Google Ads to deploy Bonanza malware. #GoogleAds #BonanzaMalware #Cybercrime

22. NuGet package manager under attack by threat actors for software supply chain attacks. #NuGet #PackageManager #SupplyChainAttacks

23. XWorm RAT being used for data theft, DDoS attacks, and ransomware deployment. #XWormRAT #DataTheft #DDoS

https://cybersecuritynews.com/threat-and-vulnerability-october-29-to-november-4/

Three new vulnerabilities in Microsoft Edge allow attackers to execute malicious code. All three are rated medium severity. Microsoft has released patches for these vulnerabilities, urging users to upgrade. The vulnerabilities are assigned CVE-2023-36022, CVE-2023-36029, and CVE-2023-36034. Upgrade to prevent exploitation. #MicrosoftEdge #Vulnerability #Cybersecurity

https://cybersecuritynews.com/microsoft-edge-vulnerability/

Government of Canada Bans WeChat and Kaspersky Apps. Canadian minister Anita Anand has banned the WeChat and Kaspersky suite of applications on government mobile devices. WeChat offers communication features like text messaging and video conferencing, while Kaspersky provides cybersecurity solutions. The ban is due to the data collection methods employed by these apps. They will be removed from government-issued mobile devices, and users will be unable to download them in the future. The government aims to ensure the security of Canadian government networks and data and to collaborate with international partners to enhance security protocols. It will monitor potential threats and take immediate action when necessary. #Canada #WeChat #Kaspersky #cybersecurity

https://cybersecuritynews.com/wechat-and-kaspersky-banned/

Summary:

- DarkGate, also known as MehCrypter, is a versatile malware that exploits vulnerabilities in Microsoft Teams and SharePoint.

- It is popular among cybercriminals for its keylogging, information theft, and payload execution capabilities.

- The recent variant of DarkGate uses a phishing email and a malicious document to initiate its infiltration.

- It employs DLL side-loading techniques, AutoIt scripts, and PE files to evade detection and conceal its intentions.

Hashtags:

#DarkGate #MehCrypter #MicrosoftTeams #SharePoint #cybersecurity #malware #phishing #DLLsideLoading #AutoItScripts #PEfiles #evadeDetection

https://gbhackers.com/darkgate-leverages-msi-files/

3,000+ Apache ActiveMQ Servers Vulnerable to RCE Attacks.

Summary: Over 3,000 Apache ActiveMQ servers exposed to the internet are at risk due to a critical remote code execution vulnerability (CVE-2023-46604). The vulnerability allows attackers to execute arbitrary shell commands using the OpenWire protocol. ShadowServer reports that out of 7,249 servers, 3,329 are vulnerable to remote code execution attacks. The majority of vulnerable servers are located in China, with others in the US, Germany, and other countries. It is advised to update to versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3 to protect against the vulnerability.

Hashtags: #cybersecurity #cybersecuritynews #RCEAttacks

https://cybersecuritynews.com/3000-apache-activemq-servers/
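The HelloKitty and ShadowServer summaries above both list the same CVE-2023-46604 affected and fixed ActiveMQ releases. The following is an added example, not code from the page or from the Apache ActiveMQ project, of how a defender might triage a constructed broker inventory against those version numbers. It assumes the listed fixed releases (5.15.16, 5.16.7, 5.17.6, 5.18.3) are the patch boundary for their minor lines, that older minor lines with no listed fix are affected, and that lines newer than 5.18 ship patched; the hostnames and versions in the sample inventory are constructed.

```python
"""Triage Apache ActiveMQ versions against the CVE-2023-46604 ranges quoted above.

Added example (not page or Apache code). The fixed releases named in the
summaries are treated as the patch boundary for each minor line; minor lines
older than 5.15 have no listed fix and are treated as affected. Lines newer
than the newest listed fix are assumed to be patched (assumption).
"""
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases per minor line, exactly as listed in the summaries.
FIXED_BY_LINE: Dict[Tuple[int, int], Version] = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}

# Accept "5.18.2", "5.18.2-SNAPSHOT" etc.; only the numeric triple matters.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse an ActiveMQ version string into a comparable (major, minor, patch) tuple."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised ActiveMQ version: {text!r}")
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version falls below the listed fix for its minor line."""
    v = parse_version(version)
    line = v[:2]
    if line in FIXED_BY_LINE:
        # Releases at or above the fix for this line are patched.
        return v < FIXED_BY_LINE[line]
    if line > max(FIXED_BY_LINE):
        # Newer than any listed fix: assumed to carry the fix (assumption).
        return False
    # Older minor lines (e.g. 5.14.x) have no listed fix: treat as affected.
    return True


def recommended_upgrade(version: str) -> Optional[str]:
    """Return the listed fixed release to move to, or None if already patched."""
    if not is_affected(version):
        return None
    line = parse_version(version)[:2]
    # Stay on the same minor line where a fix exists; otherwise move to the
    # newest listed fixed release (assumption for unsupported older lines).
    target = FIXED_BY_LINE.get(line, FIXED_BY_LINE[max(FIXED_BY_LINE)])
    return ".".join(str(part) for part in target)


def triage_inventory(lines: Iterable[str]) -> Dict[str, Dict[str, object]]:
    """Turn 'hostname version' inventory lines into a per-host verdict."""
    verdicts: Dict[str, Dict[str, object]] = {}
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        host, _, version = raw.partition(" ")
        verdicts[host] = {
            "version": version,
            "affected": is_affected(version),
            "upgrade_to": recommended_upgrade(version),
        }
    return verdicts


# Constructed sample inventory: hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = [
    "# host version",
    "mq-01.example.internal 5.18.2",
    "mq-02.example.internal 5.16.7",
    "mq-03.example.internal 5.14.5",
]

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        status = "AFFECTED" if verdict["affected"] else "patched"
        target = verdict["upgrade_to"] or "-"
        print(f"{host:24} {verdict['version']:10} {status:9} upgrade_to={target}")
```

The check only tells you whether a broker is on a release the summaries call fixed; it does not confirm a host was never exploited, so a positive verdict still warrants the "check for vulnerability signs" step the HelloKitty summary recommends.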

Okta, a US-based software firm, experienced a data breach that exposed the personal information of around 5,000 employees. The breach was caused by a third-party vendor, Rightway Healthcare, Inc. Rightway notified Okta that an unauthorized actor had gained access to an eligibility census file. The file contained personal information such as names, social security numbers, and health insurance plan numbers. Okta is providing affected employees with complimentary credit monitoring and fraud detection services as a precaution. The company has no evidence of misuse but advises employees to monitor their accounts for fraud or identity theft. #Okta #DataBreach #PersonalInformation #Security

https://cybersecuritynews.com/5000-okta-employees-affected-by-data-breach/

MuddyWater group targets Israeli entities with advanced tactics, using spear-phishing emails and remote administration tools. A new infection vector has been identified, with a decoy document from the Israeli Civil Service Commission. The campaign involves reconnaissance, a custom command-and-control server, and the MuddyC2Go framework. Deep Instinct provides more details on the campaign. #MuddyWater #cyberattack #spearphishing #remoteadministration #cybersecurity

https://www.infosecurity-magazine.com/news/muddywater-targets-israeli-entities/

Next Generation CVSS v4.0 Vulnerability Scoring System Released.

Enhanced metrics and wider range of scores enable more effective vulnerability assessment.

CVSS 4.0 measures severity of security problems and helps in decision-making for cybersecurity.

Features include measuring exploit ease, damage potential, and current threat level.

The system has evolved since 2005 and now includes threat intelligence and environmental metrics.

Hashtags: #CVSS #Cybersecurity #SecurityAssessment #ThreatIntel

https://cybersecuritynews.com/cvss-v4-0-vulnerability-scoring/

The recent shutdown of the Mozi botnet is believed to have been carried out by its creators, possibly forced by Chinese authorities. The takedown was discovered by cybersecurity firm ESET, which found a kill switch indicating deliberate action. Mozi was a highly active botnet, with millions of infected nodes. The creators had been arrested before, but the botnet remained active due to its architecture. In August, the number of daily infections dropped significantly. ESET identified a kill switch used to take down the botnet, which disabled its malicious routines. The theory is that the creators were forced to cooperate with Chinese law enforcement.

#Mozi #Botnet #KillSwitch #Cybersecurity #China

https://www.securityweek.com/mozi-botnet-likely-killed-by-its-creators/