- BleepingComputer
An actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
In less than a month, Prolific Puma has registered thousands of domains, many on the U.S. top-level domain (usTLD), to help with the delivery of phishing, scams, and malware.
Researchers from Infoblox, a DNS-focused security vendor that sees 70 billion DNS queries a day, first observed Prolific Puma activity six months ago, after detecting a registered domain generation algorithm (RDGA) being used to create the domain names for the malicious URL-shortening service.
- BleepingComputer
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt devices.
The flaw, tracked as CVE-2023-46604, is a critical-severity (CVSS v3 score: 10.0) RCE that lets attackers execute arbitrary shell commands by exploiting serialized class types in the OpenWire protocol.
The problem was addressed in a security update on October 25, 2023. However, the threat-monitoring service Shadowserver reported that, as of October 30, 3,329 internet-exposed servers were still running a version vulnerable to exploitation.
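The "still running a vulnerable version" count above is the kind of check worth repeating against your own broker inventory. The script below is an added example, not code from BleepingComputer or the ActiveMQ project; it compares a broker version against the fixed releases per branch as listed in the Apache advisory for CVE-2023-46604 (those fixed versions are assumed from the advisory, the news item does not list them), and pulls the version out of the `activemq-broker-<version>.jar` file name found in a broker's `lib/` directory. The inventory and hostnames are constructed for the demonstration.

```python
import re

# Fixed releases per branch, as listed in the Apache ActiveMQ advisory for
# CVE-2023-46604 (assumed here; the news item above does not list them).
FIXED_BY_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}

# Matches jar names such as activemq-broker-5.17.5.jar or activemq-all-5.15.9.jar.
JAR_RE = re.compile(r"activemq-(?:broker|all|client|core)-(\d+\.\d+\.\d+)")


def parse_version(text):
    """'5.18.2' or '5.18.2-SNAPSHOT' -> (5, 18, 2); raises ValueError on junk."""
    core = text.strip().split("-", 1)[0]
    parts = tuple(int(p) for p in core.split("."))
    if len(parts) < 3:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return parts[:3]


def version_from_jar_name(filename):
    """Pull the version out of a lib/ jar name; None if the name does not match."""
    m = JAR_RE.search(filename)
    return m.group(1) if m else None


def status(version_text):
    """Classify a version as 'vulnerable', 'fixed', or 'not covered' by the table above."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return "vulnerable" if v < FIXED_BY_BRANCH[branch] else "fixed"
    if v < (5, 15, 0):
        return "vulnerable"  # the advisory's "before 5.15.16" covers every older line
    return "not covered"     # newer release lines: consult the current advisory


def vulnerable_hosts(inventory):
    """From (host, version) pairs, return the hosts still running a vulnerable broker."""
    return [host for host, ver in inventory if status(ver) == "vulnerable"]


# Constructed inventory for demonstration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("mq-prod-01", "5.18.2"),
    ("mq-prod-02", "5.18.3"),
    ("mq-legacy", "5.14.5"),
    ("mq-lab", version_from_jar_name("activemq-broker-5.17.5.jar")),
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(host, ver, status(ver))
```

A "fixed" result only says the broker carries the patch; it says nothing about whether the OpenWire listener (TCP 61616 by default) is reachable from the internet, which is the exposure Shadowserver was counting, so pair the version check with a port inventory.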
- BleepingComputer
Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region.
Researchers from Mandiant report that four ongoing campaigns target vulnerable Citrix NetScaler ADC and Gateway appliances, with attacks underway since late August 2023.
The security company has seen post-exploitation activity related to credential theft and lateral movement, and warns that exploitation leaves behind limited forensic evidence, making these attacks particularly stealthy.
- BleepingComputer
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
On affected devices, users were warned to immediately uninstall the Google app because it could secretly send SMS messages, download and install other apps, or steal their sensitive information.
Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device and allow attackers to install malware and steal the users' data.
- BleepingComputer
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
NuGet is an open-source package manager and software distribution system, enabling developers to download and include ready-to-run .NET libraries for their projects.
Threat actors who target software distribution systems like npm and PyPI have recently shown interest in NuGet, which serves a predominantly Windows-based developer community and has become very popular.
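The MSBuild integration the campaign abuses is a documented NuGet feature: any `.props` or `.targets` file under a package's `build/`, `buildTransitive/` or `buildMultiTargeting/` folder is imported into every consuming project and runs at restore or build time, so an `Exec` task there executes before a single line of the package's library code is called. The scanner below is an added example, not code from BleepingComputer or from the NuGet project; it opens a `.nupkg` (a zip archive), lists the auto-imported hook files and flags MSBuild elements that can run commands, fetch files or declare custom tasks. The set of flagged element names is this example's own choice, and the sample package it builds in memory is constructed for the demonstration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Package directories whose .props/.targets files NuGet wires into every consuming
# project's build, so their contents run at restore/build time without any code
# from the package being referenced.
HOOK_DIRS = ("build/", "buildtransitive/", "buildmultitargeting/")
HOOK_EXTS = (".props", ".targets")

# MSBuild elements that can execute commands, fetch files or define custom tasks.
# This set is the example's own choice, not a list published by NuGet.
SUSPICIOUS_TAGS = {"Exec", "DownloadFile", "UsingTask", "Code"}


def _local_name(tag):
    """Drop the MSBuild XML namespace prefix, if the file declares one."""
    return tag.rsplit("}", 1)[-1]


def msbuild_hooks(entry_names):
    """Return the package entries that MSBuild will import automatically."""
    return [
        n for n in entry_names
        if n.lower().startswith(HOOK_DIRS) and n.lower().endswith(HOOK_EXTS)
    ]


def suspicious_elements(xml_text):
    """List (tag, attributes) for every code-executing element in a props/targets file."""
    root = ET.fromstring(xml_text)
    return [
        (_local_name(el.tag), dict(el.attrib))
        for el in root.iter()
        if _local_name(el.tag) in SUSPICIOUS_TAGS
    ]


def scan_nupkg(nupkg_bytes):
    """Map each auto-imported hook file to its risky elements; empty dict means none found."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as zf:
        for name in msbuild_hooks(zf.namelist()):
            try:
                found = suspicious_elements(zf.read(name).decode("utf-8-sig"))
            except ET.ParseError:
                found = [("ParseError", {})]  # an unparsable hook file deserves a manual look
            if found:
                report[name] = found
    return report


def make_sample_nupkg(with_exec):
    """Build a minimal in-memory .nupkg. Constructed sample, not a real package."""
    if with_exec:
        targets = (
            '<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\n'
            '  <Target Name="SamplePkgInit" BeforeTargets="Build">\n'
            '    <Exec Command="cmd /c echo constructed-sample" />\n'
            '  </Target>\n'
            '</Project>\n'
        )
    else:
        targets = (
            '<Project>\n'
            '  <PropertyGroup><SamplePkgEnabled>true</SamplePkgEnabled></PropertyGroup>\n'
            '</Project>\n'
        )
    nuspec = (
        '<?xml version="1.0"?>\n'
        '<package><metadata><id>SamplePkg</id><version>1.0.0</version>'
        '<authors>constructed</authors><description>constructed sample</description>'
        '</metadata></package>\n'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("SamplePkg.nuspec", nuspec)
        zf.writestr("lib/netstandard2.0/SamplePkg.dll", b"MZ")  # placeholder bytes only
        zf.writestr("build/SamplePkg.targets", targets)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_nupkg(make_sample_nupkg(with_exec=True)))
    print(scan_nupkg(make_sample_nupkg(with_exec=False)))
```

To check a downloaded package, pass its bytes straight in: `scan_nupkg(open("Some.Package.1.2.3.nupkg", "rb").read())`. An empty report does not make a package safe (a hook file can import another file, and library code runs once referenced), but any `Exec` or `DownloadFile` in a build hook of a package whose name is one character off a popular one is exactly the pattern this campaign relies on.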
- Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection
- New ExelaStealer Attacks Windows PCs and Steals Private Data
- CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities
- NSA and CISA Reveal Top 10 Cybersecurity Misconfigurations
- Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance