ποΈ APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A South Koreaaligned cyber espionage has been linked to the zeroday exploitation of a nowpatched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APTC60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures TTPs that have formed the foundation of its tradecraft since its.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw affecting the Apache OFBiz opensource enterprise resource planning ERP system to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE202438856, carries a CVSS score of 9.8, indicating critical severity.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are calling attention to a new QR code phishing aka quishing campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves," Netskope Threat.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE20246386 CVSS score 9.9, impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation and sanitization,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Old devices, new dangers: The risks of unsupported IoT tech π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
In the digital graveyard, a new threat stirs Outofsupport devices becoming thralls of malicious actors.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Old devices, new dangers: The risks of unsupported IoT tech
Out-of-date Internet of Things (IoT) devices can easily become exploited by bad actors looking to use them for their own agenda.
π LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
LummaC2, a Cbased MaaS tool first identified in 2022, has resurfaced to exfiltrate credentials and personal data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics
LummaC2, a C-based MaaS tool first identified in 2022, has resurfaced to exfiltrate credentials and personal data
π Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The hacking subsidiary of the Iranian Islamic Revolutionary Guard Corps RGC has targeted satellite, communications, oil and gas and government sectors in the US and UAE.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor
The hacking subsidiary of the Iranian Islamic Revolutionary Guard Corps (RGC) has targeted satellite, communications, oil and gas and government sectors
π Money Laundering Dominates UK Fraud Cases π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
KPMG research finds money laundering accounted for the majority of fraud cases heard in the first half of 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Money Laundering Dominates UK Fraud Cases
KPMG research finds money laundering accounted for the majority of fraud cases heard in the first half of 2024
π South Korean Spies Exploit WPS Office Zero-Day π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ESET uncovers a South Korean cyberespionage campaign featuring a zeroday exploit for WPS Office.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
South Korean Spies Exploit WPS Office Zero-Day
ESET uncovers a South Korean cyber-espionage campaign featuring a zero-day exploit for WPS Office
π How to Prevent Account Takeover: Real-life Scenarios and Mitigation Steps π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Ignoring security in the name of progress is a risky gamble. Even tiny oversight, like failing to verify passwords during email changes can result in an account takeover. You read that right this seemingly minor issue can be a major troublemaker. In this article, our expert security team will discuss simple yet effective steps to The post How to Prevent Account Takeover Reallife Scenarios and Mitigation Steps appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
How to Prevent Account Takeover: Hands-on Tips and Real-life Scenarios from Purple Team
Discover practical strategies to prevent account takeover with real-life scenarios from the Purple Team. Learn how to secure your accounts and avoid attack escalation.
π¦
CVE-2024-39717 Exposes Critical Vulnerability in Versa Director π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways This CVE202439717 vulnerability impacts Versa Director, a key platform for managing Versa SDWAN solutions used by ISPs and MSPs. CVE202439717 involves an unrestricted file upload flaw that allows authenticated users to upload malicious files disguised as .png images. Exploitation of this flaw can lead to unauthorized access and potential system compromise, posing a serious risk to affected organizations. Cybles scan reveals 31 internetexposed instances of Versa Director, with 16 in the U.S., indicating significant potential for exploitation. An APT actor has exploited the vulnerability due to a failure to implement recommended firewall and hardening measures. Users are advised to upgrade to Versa Director version 22.1.4 or later and follow additional sec...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Critical CVE-2024-39717 Vulnerability In Versa Director
CISA alerts on CVE-2024-39717 in Versa Director. Urgent updates, MFA, and stronger network security are advised to prevent serious exploitation risks.
π¦
Scammers Use ScreenConnect to Defraud SSA Beneficiaries π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL has uncovered a phishing site designed to mimic Zoom, which facilitates the download of ScreenConnect software. Scammers are leveraging Zoom's trusted reputation to trick victims into downloading ScreenConnect. By impersonating a widely recognized platform, the phishing site increases the likelihood that victims will believe the download is legitimate, lowering their guard. This ScreenConnect software allows attackers to establish a remote connection to the victims computer, giving them full access to the system. The IP address associated with the ScreenConnect software is also linked to other malicious activities. Notably, it hosts a domain involved in scamming Social Security Administration SSA account holders, indicat...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Novel attack vectors leverage the CVE202322527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
π΅οΈββοΈ BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The pivot is one of several changes the groups using the malware have used in recent attacks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets
The pivot is one of several changes the groups using the malware have used in recent attacks.
π΅οΈββοΈ CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
CISA warned about the RCE zeroday vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet Campaign
CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
π Ransomware Attacks Exposed 6.7 Million Records in US Schools π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Ransomware attacks on US schools and colleges have surged, with 491 incidents since 2018, affecting over 8000 institutions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ransomware Attacks Exposed 6.7 Million Records in US Schools
Ransomware attacks on US schools and colleges have surged, with 491 incidents since 2018, affecting over 8000 institutions
π¦
Kursk Offensive Unveiled: Ukraineβs Strategic Planning and Cyber-Kinetic Convergence π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Executive Summary The geopolitical situation surrounding Ukraine in 2024 showcases a complicated interaction of changing international alliances and the difficulties the Ukrainian government faces in sustaining this support as global priorities shift. While Ukraine continues to receive significant international support, the landscape in 2024 indicates a potential decline in the international community's patience and commitment. The combination of reduced U.S. aid, significant gaps in European allocations, and the distraction of global conflicts poses serious challenges for Ukraine. However, on August 6, 2024, after its longtime defensive posture since the beginning of the conflict in February 2022, Ukraine threw caution to the wind by launching a significant mechanized leanon, s...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Ukraine's Kursk Offensive: Strategy & Cyber-Kinetic Fusion
Explore Ukraine's Kursk Offensive, blending strategic military maneuvers with cyber tactics, reshaping the conflict's dynamics since 2023.
π’ Microsoft issues warning over potent malware strain developed by Iranian threat actor π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Iranian statebacked hacking group has continued its usual password spraying and social engineering techniques to gain a foothold in target environments.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Microsoft issues warning over potent malware strain developed by Iranian threat actor
The Iranian state-backed hacking group has continued its usual password spraying and social engineering techniques to gain a foothold in target environments
π’ Cybersecurity spending is going to surge in 2025 β and AI threats are a key factor π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Enterprises globally have already ramped up cybersecurity spending to contend with potent new threats and theres more to come in the year ahead.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Cybersecurity spending is going to surge in 2025 β and AI threats are a key factor
Enterprises globally have already ramped up cybersecurity spending to contend with potent new threats β and thereβs more to come in the year ahead
π΅οΈββοΈ South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel
The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.