- The Hacker News
The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group's Fox-IT team said. "Thus, for a lot of devices, the implant is still active, but now only responds if the correct Authorization HTTP header is set."
- Cyber Security News
A new InfoStealer called ExelaStealer emerged in 2023, joining the ranks of other well-known malware like RedLine, Raccoon, and Vidar.
FortiGuard Labs, a leading cybersecurity research and analysis firm, has revealed some insights into this new threat. ExelaStealer is an open-source malware that can be customized for a fee.
It is written in Python, but it can also use other languages like JavaScript when needed. It targets Windows-based systems and steals various types of information, such as passwords, credit cards, cookies, sessions, and keystrokes.
- The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence.
The newly added vulnerabilities are listed below:
- CVE-2023-42793 (CVSS score: 9.8) - JetBrains TeamCity Authentication Bypass Vulnerability
- CVE-2023-28229 (CVSS score: 7.0) - Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
- BleepingComputer
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.
Today's advisory also details the tactics, techniques, and procedures (TTPs) threat actors use to exploit these misconfigurations, with goals including gaining initial access, moving laterally, and targeting sensitive information or systems.
- The Hacker News
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance.
"The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report.
"This allowed the attacker to gain access and elevated permissions on a Microsoft SQL Server instance deployed in Azure Virtual Machine (VM)."

Attackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.
The attackers trick the targets into downloading a RAR/ZIP archive containing a downloader for an evasive Python-based stealer that grabs cookies and passwords stored in the victim's browser.
- Apple Emergency Update for New Zero-Day Used to Hack iPhones
- EvilProxy uses indeed.com open redirect for Microsoft 365 Phishing
- 3AM Ransomware: A Sneak Peek into a New Malware Family
- Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
- MetaStealer Malware Targets Apple MacOS in Recent Attacks